forums Computer Tutorials Computer Help and Spyware Removal File DatabaseUninstall Database Windows Startup Programs Database Computer Resources Computer Glossary Forums Computer Help and Spyware Removal
 

Welcome Guest ( Log In | Click here to Register a free account now! )



Register a free account to unlock additional features at BleepingComputer.com
Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.
STOPzilla Anti-Spyware

> Forum Guidelines

Read this topic before posting a log.


DO NOT post a ComboFix log unless requested to.


Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

 
Closed TopicStart new topic
> Desktop Takeover & Constant Pop-ups, 180 search, winshelf, other weird things going on
stickshrapnel
post May 6 2008, 06:37 PM
Post #1


New Member
*

Group: Members
Posts: 7
Joined: 6-May 08
Member No.: 207,388
Win xp sp2, dual core, 1.9Ghz, 1 meg ram

my desktop just shows a blue screen, with a message saying i'm infected with spyware, with a link, which just goes to a site to download software that will "save me"! ya-right, I know the drill. Ran multiple antivirus/spyware programs with little success.

Here are the logs;

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:50:25 PM, on 5/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\wmsdkns.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\winself.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\default\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wmsdkns.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\winself.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 11857 bytes
Go to the top of the page
 
+Quote Post
Buckeye_Sam
post May 7 2008, 01:22 AM
Post #2


Malware Expert
******

Group: HJT Team
Posts: 8,967
Joined: 23-December 04
Member No.: 7,762
Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. smile.gif

Please go to this page and scroll down to step 6.
http://www.bleepingcomputer.com/forums/topic34773.html

Follow the directions there to run DSS and then post those logs back here in your next reply.


--------------------
If I have helped you in any way, please consider a donation to help me continue the fight against malware.
[ Start Here ] [ Adaware 2008 ] [ Spybot ] [ AVG Antivirus ] [ Superantispyware ] [ MalwareBytes ]
[ Spyware Blaster ] [ Windows Update ] [ How to install Windows XP Recovery Console ]
Go to the top of the page
 
+Quote Post
stickshrapnel
post May 7 2008, 12:08 PM
Post #3


New Member
*

Group: Members
Posts: 7
Joined: 6-May 08
Member No.: 207,388
Thanks Sam, I followed the instructions from the link, here are the pasted txt file/logs;

Deckard's System Scanner v20071014.68
Run by default on 2008-05-07 10:57:55
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
51: 2008-05-07 16:58:00 UTC - RP51 - Deckard's System Scanner Restore Point
50: 2008-05-06 21:53:45 UTC - RP50 - Software Distribution Service 3.0
49: 2008-05-06 03:54:10 UTC - RP49 - Removed Bonjour
48: 2008-05-06 03:17:03 UTC - RP48 - Restore Operation
47: 2008-05-06 00:25:38 UTC - RP47 - Installed AVG Free 8.0


-- First Restore Point --
1: 2008-04-25 15:58:54 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as default.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:00:25 AM, on 5/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\wmsdkns.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\WINDOWS\winself.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Documents and Settings\default\Desktop\dss.exe
C:\DOCUME~1\default\Desktop\default.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wmsdkns.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-1935655697-1957994488-1801674531-1005\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'Jeanne')
O4 - HKUS\S-1-5-21-1935655697-1957994488-1801674531-1005\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Jeanne')
O4 - HKUS\S-1-5-21-1935655697-1957994488-1801674531-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Jeanne')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\winself.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 12165 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 BEHRINGER_2902 (usb-audio.de driver for BEHRINGER USB AUDIO) - c:\windows\system32\drivers\busb2902.sys <Not Verified; BEHRINGER; BEHRINGER USB AUDIO DRIVER>
S3 SynasUSB - c:\windows\system32\drivers\synasusb.sys <Not Verified; SIA Syncrosoft; USB protection device>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 MsSecurity1.209.4 (MsSecurity Updated) - c:\windows\winself.exe service

S2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-05-07 01:39:23 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-04-29 13:21:21 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-04-25 19:07:06 394 --a------ C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1209171991.job


-- Files created between 2008-04-07 and 2008-05-07 -----------------------------

2008-05-05 22:22:54 31488 --a------ C:\WINDOWS\stcloader.exe
2008-05-05 22:20:43 19456 --a------ C:\WINDOWS\bokja.exe
2008-05-05 20:18:49 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-05-05 20:09:07 0 d--hs---- C:\Documents and Settings\LocalService\UserData
2008-05-05 20:09:00 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVGTOOLBAR
2008-05-05 18:31:36 0 d--h----- C:\$AVG8.VAULT$
2008-05-05 18:25:47 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-05 18:25:47 0 d-------- C:\Documents and Settings\default\Application Data\AVGTOOLBAR
2008-05-05 18:25:38 0 d-------- C:\Program Files\AVG
2008-05-05 18:25:38 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-05 18:12:39 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2008-05-05 18:11:43 0 d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-05-05 18:11:42 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-05-05 18:11:42 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-05-05 18:11:41 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-05-05 18:11:41 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-05-05 18:11:41 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-05-05 18:11:38 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-05-05 18:11:38 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-05-05 18:11:38 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-05-05 18:11:38 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-05-05 18:11:38 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-05-05 18:11:38 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-05-05 18:11:38 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-05-05 18:11:38 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-05-05 18:11:34 446464 --a------ C:\Documents and Settings\Administrator\NTUSER.DAT
2008-05-05 17:45:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-05 17:01:49 0 d-------- C:\Program Files\Lavasoft
2008-05-05 17:01:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-05 16:53:11 0 d-------- C:\Program Files\Windows Defender
2008-05-05 16:31:23 15616 --a------ C:\WINDOWS\voiceip.dll
2008-05-05 16:31:22 13568 --a------ C:\WINDOWS\swin32.dll
2008-05-05 16:31:22 8192 --a------ C:\WINDOWS\mssvr.exe
2008-05-05 16:31:22 31744 --a------ C:\WINDOWS\mspphe.dll
2008-05-05 16:31:22 31744 --a------ C:\WINDOWS\cdsm32.dll
2008-05-05 16:31:21 26368 --a------ C:\WINDOWS\bjam.dll
2008-05-05 16:31:21 27392 --a------ C:\WINDOWS\2020search2.dll
2008-05-05 16:31:21 22272 --a------ C:\WINDOWS\2020search.dll
2008-05-05 16:31:19 23808 --a------ C:\WINDOWS\saiemod.dll
2008-05-05 16:31:18 11776 --a------ C:\WINDOWS\msapasrc.dll
2008-05-05 16:31:18 27136 --a------ C:\WINDOWS\msa64chk.dll
2008-05-05 16:31:17 30208 --a------ C:\WINDOWS\shdocpl.dll
2008-05-05 16:31:17 16640 --a------ C:\WINDOWS\ntnut.exe
2008-05-05 16:31:16 14336 --a------ C:\WINDOWS\winsb.dll
2008-05-05 16:31:16 24832 --a------ C:\WINDOWS\shdocpe.dll
2008-05-05 16:31:16 26112 --a------ C:\WINDOWS\browserad.dll
2008-05-05 16:31:16 18432 --a------ C:\WINDOWS\aviwrap32.dll
2008-05-05 16:31:15 9728 --a------ C:\WINDOWS\avisynthex32.dll
2008-05-05 16:31:15 31488 --a------ C:\WINDOWS\avifile32.dll
2008-05-05 16:31:15 27904 --a------ C:\WINDOWS\autodisc32.dll
2008-05-05 16:31:15 32000 --a------ C:\WINDOWS\audiosrv32.dll
2008-05-05 16:31:14 30720 --a------ C:\WINDOWS\ati2dvag32.dll
2008-05-05 16:31:14 19968 --a------ C:\WINDOWS\ati2dvaa32.dll
2008-05-05 16:31:14 20480 --a------ C:\WINDOWS\athprxy32.dll
2008-05-05 16:31:14 10752 --a------ C:\WINDOWS\asycfilt32.dll
2008-05-05 16:31:14 24064 --a------ C:\WINDOWS\asferror32.dll
2008-05-05 16:31:13 14336 --a------ C:\WINDOWS\changeurl_30.dll
2008-05-05 16:31:13 29440 --a------ C:\WINDOWS\apphelp32.dll
2008-05-05 16:14:59 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia
2008-05-05 16:14:58 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-05-05 16:14:35 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-05-05 16:14:29 4 --a------ C:\WINDOWS\system32\winfrun32.bin
2008-05-05 16:14:27 91563 --a------ C:\WINDOWS\system32\wmsdkns.exe <Not Verified; Microsoft; XML Media>
2008-05-05 16:14:27 91563 --a------ C:\WINDOWS\lfn.exe
2008-05-05 16:14:21 20992 --a------ C:\WINDOWS\winself.exe
2008-05-05 15:56:55 0 d-------- C:\Documents and Settings\default\Application Data\WinRAR
2008-05-05 15:46:03 0 d-------- C:\Documents and Settings\default\Application Data\Sun
2008-05-05 15:43:49 0 d-------- C:\Program Files\uTorrent
2008-05-05 15:43:41 0 d-------- C:\Documents and Settings\default\Application Data\uTorrent
2008-05-05 15:39:59 0 d-------- C:\Program Files\PKWARE
2008-05-05 15:39:59 0 d-------- C:\Program Files\Common Files\PKWARE
2008-05-03 17:28:56 0 d-------- C:\Documents and Settings\Guest\Application Data\Macromedia
2008-05-03 17:28:56 0 d-------- C:\Documents and Settings\Guest\Application Data\Adobe
2008-05-03 17:27:10 0 d-------- C:\Documents and Settings\Guest\Application Data\Mozilla
2008-05-03 17:26:56 0 d-------- C:\Documents and Settings\Guest\Application Data\ATI
2008-05-03 17:26:52 0 d-------- C:\Documents and Settings\Guest\Application Data\Real
2008-05-03 17:26:38 0 d-------- C:\Documents and Settings\Guest\Application Data\Identities
2008-05-03 17:26:28 0 dr------- C:\Documents and Settings\Guest\Favorites
2008-05-03 17:26:28 0 d-------- C:\Documents and Settings\Guest\Desktop
2008-05-03 17:26:28 0 d--hs---- C:\Documents and Settings\Guest\Cookies
2008-05-03 17:26:28 0 dr-h----- C:\Documents and Settings\Guest\Application Data
2008-05-03 17:26:28 0 d---s---- C:\Documents and Settings\Guest\Application Data\Microsoft
2008-05-03 17:26:28 0 d-------- C:\Documents and Settings\Guest\Application Data\Apple Computer
2008-05-03 17:26:27 0 d--h----- C:\Documents and Settings\Guest\Templates
2008-05-03 17:26:27 0 dr------- C:\Documents and Settings\Guest\Start Menu
2008-05-03 17:26:27 0 dr-h----- C:\Documents and Settings\Guest\SendTo
2008-05-03 17:26:27 0 dr-h----- C:\Documents and Settings\Guest\Recent
2008-05-03 17:26:27 0 d--h----- C:\Documents and Settings\Guest\PrintHood
2008-05-03 17:26:27 1818624 --a------ C:\Documents and Settings\Guest\NTUSER.DAT
2008-05-03 17:26:27 0 d--h----- C:\Documents and Settings\Guest\NetHood
2008-05-03 17:26:27 0 dr------- C:\Documents and Settings\Guest\My Documents
2008-05-03 17:26:27 0 d--h----- C:\Documents and Settings\Guest\Local Settings
2008-05-03 09:48:49 0 d-------- C:\Documents and Settings\Jeanne\Application Data\Real
2008-05-01 17:54:19 0 d-------- C:\WINDOWS\Sun
2008-05-01 17:54:18 0 d-------- C:\Documents and Settings\Jeanne\Application Data\Sun
2008-05-01 12:18:54 0 d-------- C:\Program Files\Common Files\xing shared
2008-05-01 12:18:46 0 d-------- C:\Program Files\Real
2008-05-01 12:18:44 0 d-------- C:\Program Files\Common Files\Real
2008-05-01 12:18:43 0 d-------- C:\Documents and Settings\default\Application Data\Real
2008-05-01 10:12:08 438272 --a------ C:\WINDOWS\system32\vp6vfw.dll <Not Verified; On2.com; On2_VP6>
2008-05-01 10:12:08 118832 --a------ C:\WINDOWS\system32\SHW32.DLL <Not Verified; MicroQuill Software Publishing, Inc.; SmartHeap>
2008-05-01 09:39:09 0 d-------- C:\Program Files\EA SPORTS
2008-05-01 09:33:17 0 d-------- C:\WINDOWS\system32\appmgmt
2008-05-01 09:28:31 0 dr-h----- C:\Documents and Settings\default\Application Data\SecuROM
2008-05-01 08:53:17 0 d-------- C:\Program Files\Electronic Arts
2008-05-01 08:42:28 0 d-------- C:\WINDOWS\system32\AGEIA
2008-05-01 08:42:28 0 d-------- C:\Program Files\AGEIA Technologies
2008-05-01 08:42:14 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-30 18:03:07 0 d-------- C:\Documents and Settings\Jeanne\Application Data\CyberLink
2008-04-29 23:26:54 98304 -----n--- C:\WINDOWS\system32\a_jumtmp.dll
2008-04-29 23:26:51 0 d-------- C:\New Movie
2008-04-29 16:50:10 21 --a------ C:\WINDOWS\system32\mchnieasy.sys
2008-04-29 15:40:29 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-04-29 15:28:05 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-04-29 15:15:09 0 d-------- C:\WINDOWS\system32\LogFiles
2008-04-29 15:13:46 0 d-------- C:\WINDOWS\system32\NtmsData
2008-04-29 13:21:19 0 d-------- C:\Program Files\Apple Software Update
2008-04-28 22:22:36 0 d-------- C:\Documents and Settings\default\Application Data\Help
2008-04-28 22:21:13 0 d-------- C:\Documents and Settings\default\Application Data\CoreFTP
2008-04-28 22:18:50 0 d-------- C:\Program Files\CoreFTP
2008-04-28 21:11:11 0 d-------- C:\Documents and Settings\Jeanne\Application Data\Move Networks
2008-04-27 12:24:40 453632 --a------ C:\WINDOWS\system32\stdvcl40.dll <Not Verified; Borland International; Standard VCL ActiveX Library>
2008-04-27 12:24:39 0 d-------- C:\Program Files\Web CEO
2008-04-27 10:01:25 0 d-------- C:\Documents and Settings\default\Application Data\DivX
2008-04-27 09:59:34 0 d-------- C:\Program Files\DivX
2008-04-26 16:45:38 0 d-------- C:\Documents and Settings\Jeanne\Application Data\Macromedia
2008-04-26 16:45:18 0 d-------- C:\Documents and Settings\Jeanne\Application Data\Mozilla
2008-04-26 16:35:16 0 d-------- C:\Documents and Settings\Jeanne\Application Data\Adobe
2008-04-26 15:03:04 0 d-------- C:\Documents and Settings\All Users\Application Data\VCOM
2008-04-26 15:02:09 0 d-------- C:\Documents and Settings\default\Application Data\VCOM
2008-04-26 14:57:45 0 d-------- C:\Program Files\MotionArtist 2.0
2008-04-26 14:54:36 0 d-------- C:\Program Files\VCOM
2008-04-26 14:50:13 0 d-------- C:\Documents and Settings\default\Application Data\CyberLink
2008-04-26 14:49:47 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-04-26 13:54:22 0 d-------- C:\Documents and Settings\Default User\Application Data\Apple Computer
2008-04-26 03:17:51 0 d-------- C:\Program Files\Native Instruments
2008-04-26 03:12:57 0 d-------- C:\Program Files\Kreatives.org
2008-04-26 03:10:35 0 d-------- C:\WINDOWS\usb-audio.deBehringer2902
2008-04-26 03:09:22 110272 -ra------ C:\WINDOWS\system32\drivers\BUSB2902.sys <Not Verified; BEHRINGER; BEHRINGER USB AUDIO DRIVER>
2008-04-26 03:07:20 0 d-------- C:\Program Files\Audacity
2008-04-26 02:34:12 0 d-------- C:\Documents and Settings\Jeanne\Application Data\ATI
2008-04-26 02:33:46 0 d-------- C:\Documents and Settings\Jeanne\Application Data\Identities
2008-04-26 02:33:21 0 d--h----- C:\Documents and Settings\Jeanne\Templates
2008-04-26 02:33:21 0 dr------- C:\Documents and Settings\Jeanne\Start Menu
2008-04-26 02:33:21 0 dr-h----- C:\Documents and Settings\Jeanne\SendTo
2008-04-26 02:33:21 0 dr-h----- C:\Documents and Settings\Jeanne\Recent
2008-04-26 02:33:21 0 d--h----- C:\Documents and Settings\Jeanne\PrintHood
2008-04-26 02:33:21 2621440 --a------ C:\Documents and Settings\Jeanne\NTUSER.DAT
2008-04-26 02:33:21 0 d--h----- C:\Documents and Settings\Jeanne\NetHood
2008-04-26 02:33:21 0 dr------- C:\Documents and Settings\Jeanne\My Documents
2008-04-26 02:33:21 0 d--h----- C:\Documents and Settings\Jeanne\Local Settings
2008-04-26 02:33:21 0 dr------- C:\Documents and Settings\Jeanne\Favorites
2008-04-26 02:33:21 0 d-------- C:\Documents and Settings\Jeanne\Desktop
2008-04-26 02:33:21 0 d--hs---- C:\Documents and Settings\Jeanne\Cookies
2008-04-26 02:33:21 0 dr-h----- C:\Documents and Settings\Jeanne\Application Data
2008-04-26 02:33:21 0 d---s---- C:\Documents and Settings\Jeanne\Application Data\Microsoft
2008-04-25 20:27:55 0 d-------- C:\Program Files\Steinberg
2008-04-25 20:27:55 0 d-------- C:\Documents and Settings\default\Application Data\Steinberg
2008-04-25 20:27:33 2892 --a------ C:\WINDOWS\system32\audcon.sys
2008-04-25 20:27:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Syncrosoft
2008-04-25 20:27:28 18432 --a------ C:\WINDOWS\system32\drivers\synasUSB.sys <Not Verified; SIA Syncrosoft; USB protection device>
2008-04-25 20:26:00 45056 --a------ C:\WINDOWS\system32\Synsopos.exe <Not Verified; SIA Syncrosoft; Syncrosoft Synsopos>
2008-04-25 20:25:58 147456 --a------ C:\WINDOWS\system32\SynsoLChk.dll <Not Verified; SIA Syncrosoft; >
2008-04-25 20:25:58 757760 --a------ C:\WINDOWS\system32\SYNSOACC.dll <Not Verified; SIA Syncrosoft; SYNCROSOFT SYNSOACC>
2008-04-25 20:25:58 0 d-------- C:\Program Files\Syncrosoft
2008-04-25 20:01:27 0 d-------- C:\Documents and Settings\default\Application Data\LimeWire
2008-04-25 19:59:42 0 d-------- C:\Program Files\Java
2008-04-25 19:58:56 0 d-------- C:\Program Files\Common Files\Java
2008-04-25 19:55:00 0 d-------- C:\Program Files\LimeWire
2008-04-25 19:47:06 0 d-------- C:\Documents and Settings\default\Application Data\Apple Computer
2008-04-25 19:46:54 0 d-------- C:\Program Files\iPod
2008-04-25 19:46:51 0 d-------- C:\Program Files\iTunes
2008-04-25 19:46:41 0 d-------- C:\Program Files\Bonjour
2008-04-25 19:46:15 0 d-------- C:\Program Files\QuickTime
2008-04-25 19:46:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-25 19:45:56 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-04-25 19:45:45 0 d-------- C:\Program Files\Common Files\Apple
2008-04-25 19:45:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-04-25 19:07:00 0 d-------- C:\Documents and Settings\default\Application Data\Hewlett-Packard
2008-04-25 19:04:05 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-04-25 19:03:07 0 d-------- C:\Program Files\Hewlett-Packard
2008-04-25 19:02:30 16618 -----n--- C:\WINDOWS\hpomdl01.dat
2008-04-25 19:02:30 20724 --a------ C:\WINDOWS\hpoins01.dat
2008-04-25 18:21:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-04-25 18:21:29 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-25 18:02:26 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-25 18:02:23 0 d-------- C:\Documents and Settings\default\Application Data\Mozilla
2008-04-25 12:37:18 0 d-------- C:\Program Files\MSXML 4.0
2008-04-25 12:27:04 0 d-------- C:\Documents and Settings\default\Application Data\ATI
2008-04-25 12:27:04 0 d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-04-25 12:26:08 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-04-25 12:20:12 0 d-------- C:\Program Files\Common Files\ATI Technologies
2008-04-25 12:16:58 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-04-25 12:08:41 0 d-------- C:\Program Files\Setup Files
2008-04-25 12:06:44 0 d-------- C:\Documents and Settings\default\Application Data\Macromedia
2008-04-25 12:06:44 0 d-------- C:\Documents and Settings\default\Application Data\Adobe
2008-04-25 11:39:04 0 d-------- C:\Program Files\Common Files\LightScribe
2008-04-25 11:38:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-04-25 11:35:47 0 d-------- C:\Program Files\Nero
2008-04-25 11:35:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-04-25 11:35:46 0 d-------- C:\Program Files\Common Files\Ahead
2008-04-25 11:35:11 0 d-------- C:\WINDOWS\RegisteredPackages
2008-04-25 11:23:24 0 d-------- C:\MyWorks
2008-04-25 11:22:28 0 d-------- C:\Program Files\CyberLink
2008-04-25 11:14:40 0 d-------- C:\Program Files\Common Files\L&H
2008-04-25 11:14:33 0 d-------- C:\Program Files\Microsoft.NET
2008-04-25 11:14:27 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-04-25 11:14:03 0 d-------- C:\Program Files\Microsoft Works
2008-04-25 11:13:45 0 d-------- C:\WINDOWS\SHELLNEW
2008-04-25 11:12:32 0 dr-h----- C:\MSOCache
2008-04-25 11:11:34 0 d-------- C:\Office2003
2008-04-25 11:04:53 0 d-------- C:\Program Files\Symantec
2008-04-25 11:04:49 0 d-------- C:\Program Files\Symantec AntiVirus
2008-04-25 11:04:49 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-25 11:04:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-25 11:04:01 0 d-------- C:\Nortoncorp10
2008-04-25 10:53:13 0 d-------- C:\Program Files\HP
2008-04-25 10:53:12 0 d-------- C:\WINDOWS\Downloaded Installations
2008-04-25 10:41:20 0 d-------- C:\WINDOWS\network diagnostic
2008-04-25 10:38:25 409600 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2008-04-25 10:38:25 114688 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions © Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL™ Library>
2008-04-25 10:38:25 0 d-------- C:\Documents and Settings\default\Application Data\Creative
2008-04-25 10:38:12 0 d-------- C:\WINDOWS\system32\data
2008-04-25 10:24:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-04-25 10:20:13 0 d-------- C:\WINDOWS\system32\PreInstall
2008-04-25 10:20:12 0 d--h----- C:\WINDOWS\$hf_mig$
2008-04-25 10:13:12 0 d--hs---- C:\Documents and Settings\default\UserData
2008-04-25 10:10:49 0 d-------- C:\Program Files\ATI Technologies
2008-04-25 10:10:40 516096 -----n--- C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2008-04-25 10:08:50 0 d-------- C:\Program Files\Realtek AC97
2008-04-25 10:08:49 40960 --a------ C:\WINDOWS\system32\ChCfg.exe
2008-04-25 10:08:48 307200 --a------ C:\WINDOWS\alcupd.exe <Not Verified; Realtek Semiconductor Corp.; Realtek AC'97 Update driver Tool>
2008-04-25 10:08:48 212992 --a------ C:\WINDOWS\alcrmv.exe <Not Verified; Realtek Semiconductor Corp.; Realtek AC'97 Removing driver Tool>
2008-04-25 10:08:48 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-25 10:08:42 0 d-------- C:\Program Files\Common Files\InstallShield
2008-04-25 09:58:42 0 d-------- C:\Documents and Settings\default\Application Data\Identities
2008-04-25 09:58:37 0 d--h----- C:\Documents and Settings\default\Templates
2008-04-25 09:58:37 0 dr------- C:\Documents and Settings\default\Start Menu
2008-04-25 09:58:37 0 dr-h----- C:\Documents and Settings\default\SendTo
2008-04-25 09:58:37 0 dr-h----- C:\Documents and Settings\default\Recent
2008-04-25 09:58:37 0 d--h----- C:\Documents and Settings\default\PrintHood
2008-04-25 09:58:37 4194304 --ah----- C:\Documents and Settings\default\NTUSER.DAT
2008-04-25 09:58:37 0 d--h----- C:\Documents and Settings\default\NetHood
2008-04-25 09:58:37 0 dr------- C:\Documents and Settings\default\My Documents
2008-04-25 09:58:37 0 d--h----- C:\Documents and Settings\default\Local Settings
2008-04-25 09:58:37 0 dr------- C:\Documents and Settings\default\Favorites
2008-04-25 09:58:37 0 d-------- C:\Documents and Settings\default\Desktop
2008-04-25 09:58:37 0 d--hs---- C:\Documents and Settings\default\Cookies
2008-04-25 09:58:37 0 d--h----- C:\Documents and Settings\default\Application Data
2008-04-25 09:56:04 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-04-25 09:54:49 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-04-25 09:54:38 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-04-25 09:54:38 0 d-------- C:\WINDOWS\Prefetch
2008-04-25 09:54:37 229376 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-04-25 09:54:37 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-04-25 09:54:37 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2008-04-25 09:54:37 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-04-25 09:54:37 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-04-25 09:52:17 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-04-25 09:52:17 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies
2008-04-25 09:52:17 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-04-25 09:52:17 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-04-25 09:52:16 229376 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-04-25 09:49:03 0 d-------- C:\WINDOWS\system32\xircom
2008-04-25 09:49:03 0 d-------- C:\Program Files\microsoft frontpage
2008-04-25 09:48:54 229376 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-04-25 09:48:49 0 -rahs---- C:\MSDOS.SYS
2008-04-25 09:48:49 0 -rahs---- C:\IO.SYS
2008-04-25 09:48:49 0 --a------ C:\CONFIG.SYS
2008-04-25 09:48:49 0 --a------ C:\AUTOEXEC.BAT
2008-04-25 09:48:02 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-04-25 09:47:53 0 dr------- C:\WINDOWS\Offline Web Pages
2008-04-25 09:47:53 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-04-25 09:47:44 0 d--h----- C:\Program Files\WindowsUpdate
2008-04-25 09:47:24 0 d-------- C:\WINDOWS\system32\DirectX
2008-04-25 09:46:48 0 d---s---- C:\WINDOWS\Tasks
2008-04-25 09:46:47 0 d-------- C:\Program Files\Common Files\MSSoap
2008-04-25 09:46:42 0 d-------- C:\WINDOWS\srchasst
2008-04-25 09:46:41 0 d-------- C:\WINDOWS\system32\Macromed
2008-04-25 09:46:31 0 d-------- C:\Program Files\Movie Maker
2008-04-25 09:46:21 0 d-------- C:\WINDOWS\system32\Restore
2008-04-25 09:45:46 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-04-25 09:45:32 0 d-------- C:\WINDOWS\Registration
2008-04-25 09:45:26 0 d-------- C:\Program Files\Online Services
2008-04-25 09:45:20 0 d-------- C:\Program Files\Messenger
2008-04-25 09:45:16 0 d-------- C:\Program Files\MSN Gaming Zone
2008-04-25 09:44:30 0 d-------- C:\Program Files\Windows NT
2008-04-25 09:44:26 0 d-------- C:\WINDOWS\system32\MsDtc
2008-04-25 09:44:25 0 d-------- C:\WINDOWS\system32\Com
2008-04-24 12:39:00 0 d--hs---- C:\WINDOWS\Installer
2008-04-24 12:38:59 0 d-------- C:\Program Files\Common Files\ODBC
2008-04-24 12:38:55 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-04-24 12:38:54 0 dr------- C:\Program Files
2008-04-24 12:38:54 0 d-------- C:\Program Files\Common Files
2008-04-24 12:38:31 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-04-24 12:38:31 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-04-24 12:38:31 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-04-24 12:38:31 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-04-24 12:38:31 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-04-24 12:38:31 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-04-24 12:38:31 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-04-24 12:38:31 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-04-24 12:38:31 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-04-24 12:38:31 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-04-24 12:38:31 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-04-24 12:38:31 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-04-24 12:38:31 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-04-24 12:38:31 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-04-24 12:38:31 0 dr------- C:\Documents and Settings\All Users\Documents
2008-04-24 12:38:31 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-04-24 12:38:19 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-04-24 12:38:19 0 d-------- C:\WINDOWS\system32\CatRoot
2008-04-24 12:38:14 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-04-24 12:38:14 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-04-24 12:38:14 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-04-24 12:38:14 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-04-24 12:37:50 0 d--hs---- C:\System Volume Information
2008-04-24 12:37:50 0 d-------- C:\Documents and Settings
2008-04-24 12:30:48 0 d-------- C:\WINDOWS
2008-04-24 12:30:48 0 d-------- C:\WINDOWS\WinSxS
2008-04-24 12:30:48 0 dr------- C:\WINDOWS\Web
2008-04-24 12:30:48 0 d-------- C:\WINDOWS\twain_32
2008-04-24 12:30:48 0 d-------- C:\WINDOWS\system32
2008-04-24 12:30:48 0 d-------- C:\WINDOWS\system32\wins
2008-04-24 12:30:48 0 d-------- C:\WINDOWS\system32\wbem
2008-04-24 12:30:48 0 d-------- C:\WINDOWS\system32\usmt
2008-04-24 12:30:48 0 d-------- C:\WINDOWS\system32\spool
2008-04-24 12:30:48 0 d-------- C:\WINDOWS\system32\ShellExt
2008-04-24 12:30:48 0 d-------- C:\WINDOWS\system32\Setup
2008-04-24 12:30:48 0 d-------- C:\WINDOWS\system32\ras
2008-04-24 12:30:48 0 d-------- C:\WINDOWS\system32\oobe
2008-04-24 12:30:48 0 d-------- C:\WINDOWS\system32\npp
2008-04-24 12:30:48 0 d-------- C:\WINDOWS\system32\mui
2008-04-24 12:30:48 0 d-------- C:\WINDOWS\system32\inetsrv
2008-04-24 12:30:48 0 d-------- C:\WINDOWS\system32\IME
2008-04-24 12:30:48 0 d-------- C:\WINDOWS\system32\icsxml
2008-04-24 12:30:48 0 d-------- C:\WINDOWS\system32\ias
2008-04-24 12:30:48 0 d-------- C:\WINDOWS\system32\export
2008-04-24 12:30:48 0 d-------- C:\WINDOWS\system32\drivers
2008-04-24 12:30:48 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-04-24 12:30:48 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-04-24 12:30:48 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-04-24 12:30:48 0 d-------- C:\WINDOWS\system32\dhcp
2008-04-24 12:30:48 0 d-------- C:\WINDOWS\system32\config
2008-04-24 12:30:48 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-04-24 12:30:48 0 d-------- C:\WINDOWS\system32\3076
2008-04-24 12:30:48 0 d-------- C:\WINDOWS\system32\2052
2008-04-24 12:30:48 0 d-------- C:\WINDOWS\system32\1054
2008-04-24 12:30:48 0 d-------- C:\WINDOWS\system32\1042
2008-04-24 12:30:48 0 d-------- C:\WINDOWS\system32\1041
2008-04-24 12:30:48 0 d-------- C:\WINDOWS\system32\1037
2008-04-24 12:30:48 0 d-------- C:\WINDOWS\system32\1033
2008-04-24 12:30:48 0 d-------- C:\WINDOWS\system32\1031
2008-04-24 12:30:48 0 d-------- C:\WINDOWS\system32\1028
2008-04-24 12:30:48 0 d-------- C:\WINDOWS\system32\1025
2008-04-24 12:30:48 0 d-------- C:\WINDOWS\system
2008-04-24 12:30:48 0 d-------- C:\WINDOWS\security
2008-04-24 12:30:48 0 d-------- C:\WINDOWS\Resources
2008-04-24 12:30:48 0 d-------- C:\WINDOWS\repair
2008-04-24 12:30:48 0 d-------- C:\WINDOWS\Provisioning
2008-04-24 12:30:48 0 d-------- C:\WINDOWS\PeerNet
2008-04-24 12:30:48 0 d-------- C:\WINDOWS\pchealth
2008-04-24 12:30:48 0 d-------- C:\WINDOWS\mui
2008-04-24 12:30:48 0 d-------- C:\WINDOWS\msapps
2008-04-24 12:30:48 0 d-------- C:\WINDOWS\msagent
2008-04-24 12:30:48 0 d-------- C:\WINDOWS\Media
2008-04-24 12:30:48 0 d-------- C:\WINDOWS\java
2008-04-24 12:30:48 0 d--h----- C:\WINDOWS\inf
2008-04-24 12:30:48 0 d-------- C:\WINDOWS\ime
2008-04-24 12:30:48 0 d-------- C:\WINDOWS\Help
2008-04-24 12:30:48 0 dr--s---- C:\WINDOWS\Fonts
2008-04-24 12:30:48 0 d-------- C:\WINDOWS\ehome
2008-04-24 12:30:48 0 d-------- C:\WINDOWS\Driver Cache
2008-04-24 12:30:48 0 d-------- C:\WINDOWS\Debug
2008-04-24 12:30:48 0 d-------- C:\WINDOWS\Cursors
2008-04-24 12:30:48 0 d-------- C:\WINDOWS\Connection Wizard
2008-04-24 12:30:48 0 d-------- C:\WINDOWS\Config
2008-04-24 12:30:48 0 d-------- C:\WINDOWS\AppPatch
2008-04-24 12:30:48 0 d-------- C:\WINDOWS\addins
2008-04-13 11:21:50 17920 --a------ C:\WINDOWS\system32\Ntaccess.sys <Not Verified; Your Corporation; Your Product Name>


-- Find3M Report ---------------------------------------------------------------

2008-04-24 12:38:31 62 --ahs---- C:\Documents and Settings\default\Application Data\desktop.ini
2008-03-31 15:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 15:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 15:25:46 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-03-31 15:25:46 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 15:25:46 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-21 14:30:08 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 14:28:54 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-03-21 14:28:54 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-03-21 14:28:20 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15651c7c-e812-44a2-a9ac-b467a2233e7d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5fa6752a-c4a0-4222-88c2-928ae5ab4966}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{622cc208-b014-4fe0-801b-874a5e5e403a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9c5b2f29-1f46-4639-a6b4-828942301d3e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
05/05/2008 06:25 PM 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765728274}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc3a74e5-f281-4f10-ae1e-733078684f3c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [05/05/2008 06:25 PM 2050816]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [08/13/2005 09:05 PM]
"CTHelper"="CTHELPER.EXE" [04/09/2007 12:32 PM C:\WINDOWS\system32\CtHelper.exe]
"CTxfiHlp"="CTXFIHLP.EXE" [04/09/2007 12:32 PM C:\WINDOWS\system32\Ctxfihlp.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [04/08/2005 03:52 PM]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [04/17/2005 12:30 PM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/23/2006 03:10 PM]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [12/05/2006 10:55 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [03/01/2007 03:57 PM]
"SecurDisc"="C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [05/15/2007 03:55 PM]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [05/15/2007 03:55 PM]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/10/2006 12:35 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05/01/2008 12:18 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [05/05/2008 06:25 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [08/23/2007 05:36 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [12/2/2002 9:08:34 PM]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [12/2/2002 8:56:10 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wmsdkns.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"



-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8300 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-05-07 11:01:40 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 X2 Dual Core Processor 3800+
CPU 1: AMD Athlon™ 64 X2 Dual Core Processor 3800+
Percentage of Memory in Use: 64%
Physical Memory (total/avail): 958.48 MiB / 343.27 MiB
Pagefile Memory (total/avail): 2313.38 MiB / 1496.52 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1918.75 MiB

C: is Fixed (NTFS) - 224.87 GiB total, 207.54 GiB free.
D: is Fixed (NTFS) - 189.92 GiB total, 74.1 GiB free.
E: is Removable (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Fixed (FAT32) - 8 GiB total, 0.87 GiB free.
J: is CDROM (UDF)
K: is CDROM (No Media)

\\.\PHYSICALDRIVE1 - Maxtor 6L200M0 - 189.92 GiB - 1 partition
\PARTITION0 - Installable File System - 189.92 GiB - D:

\\.\PHYSICALDRIVE0 - WDC WD2500JS-60MHB1 - 232.88 GiB - 2 partitions
\PARTITION0 (bootable) - Unknown - 8.01 GiB - I:
\PARTITION1 - Extended w/Extended Int 13 - 224.87 GiB - C:

\\.\PHYSICALDRIVE3 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE5 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE2 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: AVG Anti-Virus Free v8.0 (AVG Technologies)
AV: Symantec AntiVirus Corporate Edition v10.0.0.359 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\VCOM\\Web Easy Professional 6\\vcomFtp.exe"="C:\\Program Files\\VCOM\\Web Easy Professional 6\\vcomFtp.exe:*:Enabled:FTP Max Application"
"D:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"="D:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"D:\\Program Files\\Activision\\Call of Duty\\CoDUOMP.exe"="D:\\Program Files\\Activision\\Call of Duty\\CoDUOMP.exe:*:Enabled:CoDUOMP"
"C:\\Program Files\\VCOM\\Web Easy Professional 6\\WebEasy6.exe"="C:\\Program Files\\VCOM\\Web Easy Professional 6\\WebEasy6.exe:*:Enabled:Web Easy Application"
"D:\\Program Files\\123CopyDVD Pro\\123CopyDVD.exe"="D:\\Program Files\\123CopyDVD Pro\\123CopyDVD.exe:*:Enabled:123 Copy DVD Pro"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\default\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DEFAULT-AD25463
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\default
LOGONSERVER=\\DEFAULT-AD25463
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Ahead\Lib\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 35 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2302
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\default\LOCALS~1\Temp
TMP=C:\DOCUME~1\default\LOCALS~1\Temp
USERDOMAIN=DEFAULT-AD25463
USERNAME=default
USERPROFILE=C:\Documents and Settings\default
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

default (admin)
Jeanne (admin)
Administrator (new local, admin)
Guest (new local, guest)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\NuNInst.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> MsiExec /X{65F1CF63-31E0-450B-96F3-4A88BE7361A6}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Setup --> MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AGEIA PhysX v7.07.09 --> MsiExec.exe /X{65F1CF63-31E0-450B-96F3-4A88BE7361A6}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI AVIVO Codecs --> MsiExec.exe /I{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}
ATI Catalyst Control Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI Parental Control & Encoder --> MsiExec.exe /I{36CDA33B-909B-4719-97D1-C4B99309BDC7}
Audacity 1.2.3 --> "C:\Program Files\Audacity\unins000.exe"
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
BEHRINGER USB AUDIO DRIVER --> C:\WINDOWS\usb-audio.deBehringer2902\Setup.exe /l1
Catalyst Control Center - Branding --> MsiExec.exe /I{65C49E8C-2F21-4A3E-9399-EE18B7833F65}
Core FTP LE 2.1 --> C:\PROGRA~1\CoreFTP\UNWISE.EXE C:\PROGRA~1\CoreFTP\INSTALL.LOG
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
EA SPORTS online 2008 --> C:\Program Files\EA SPORTS\EA SPORTS online\EASOUNInstaller.exe
HijackThis 2.0.2 --> "C:\Documents and Settings\default\Desktop\HijackThis.exe" /uninstall
HP Memories Disc --> MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
HP Photo and Imaging 2.0 - All-in-One --> MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
HP Photo and Imaging 2.0 - All-in-One Drivers --> MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
HP Photo and Imaging 2.0 - hp psc 1200 series --> C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1