I have no clue what's going on...



tankmon354
2009-01-05, 23:57
I don't really know what's going on, but it seems like my computer is infected. I can't find what's wrong; I used both Spybot and my own antivirus program. I accidentally clicked on a link, and now the entire computer seems to run very, very slow, and all the programs sometimes don't run at all or the entire computer freezes. :sad:

Here's the hijack log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:51:28, on 2009-1-5
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20935)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DoScan.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\WINDOWS\System32\svchost.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe
O4 - Global Startup: Nokia Nseries PC Suite.lnk = C:\Program Files\Nokia\NNPCS\RunLauncher.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

--
End of file - 9849 bytes

Shaba
2009-01-09, 11:51
Hi tankmon354

Download gmer.zip (http://gmer.net/gmer.zip) and save to your desktop.
alternate download site 1 (http://hype.free.googlepages.com/gmer.zip)
alternate download site 2 (http://www.castlecops.com/downloads-file-546.html)

Unzip/extract the file to its own folder. (Click here (http://www.bleepingcomputer.com/tutorials/tutorial105.html) for information on how to do this if not sure. Win 2000 users click here (http://www.bleepingcomputer.com/tutorials/tutorial106.html).)
When you have done this, disconnect from the Internet and close all running programs.
There is a small chance this application may crash your computer so save any work you have open.
Double-click on Gmer.exe to start the program.
Allow the gmer.sys driver to load if asked.
If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
Click on "Settings", then check the first five settings:
*System Protection and Tracing
*Processes
*Save created processes to the log
*Drivers
*Save loaded drivers to the log
You will be prompted to restart your computer. Please do so.

Run Gmer again and click on the Rootkit tab.
Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
Click on "Scan" and wait for the scan to finish.
Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
Note: If you have any problems, try running GMER in SAFE MODE (http://www.bleepingcomputer.com/forums/tutorial61.html)
Important! Please do not select the "Show all" checkbox during the scan.

tankmon354
2009-01-09, 22:38
kk done...here's the log:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-09 15:34:02
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT 83742008 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xA807E350]
SSDT 8324E320 ZwQueryValueKey
SSDT 8330EA68 ZwResumeThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xA807E580]

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LocalSize] [0A93C2E0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [0A93A0A0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GlobalHandle] [0A93C100] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [0A939F10] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LocalUnlock] [0A93C300] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LocalLock] [0A93C2A0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LocalReAlloc] [0A93C2C0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GlobalAlloc] [0A93C0A0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GlobalReAlloc] [0A93C140] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [0A939F90] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FreeLibrary] [0A93A200] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GlobalFlags] [0A93C0C0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GlobalFree] [0A93C0E0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LocalAlloc] [0A93C220] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LocalFree] [0A93C260] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GlobalSize] [0A93C160] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GlobalLock] [0A93C120] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GlobalUnlock] [0A93C180] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] [0A93B8C0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!RtlFreeHeap] [0A93BA00] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LocalReAlloc] [0A93C2C0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GlobalLock] [0A93C120] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GlobalUnlock] [0A93C180] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [0A93A0A0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [0A939F10] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LocalFree] [0A93C260] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LocalAlloc] [0A93C220] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] [0A93A200] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [0A939F90] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GlobalAlloc] [0A93C0A0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GlobalSize] [0A93C160] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GlobalFree] [0A93C0E0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] [0A93B8C0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] [0A93BA00] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LocalFree] [0A93C260] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LocalAlloc] [0A93C220] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LocalReAlloc] [0A93C2C0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [0A93A0A0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcessHeap] [0A93B830] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [0A939F90] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] [0A93A200] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [0A939F10] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] [0A93BA00] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] [0A93B8C0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] [0A93BA90] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GlobalFree] [0A93C0E0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [0A939F10] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [0A939F90] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] [0A93A200] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcessHeap] [0A93B830] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] [0A93BA00] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] [0A93B8C0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [0A939F10] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [0A939F90] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] [0A93A200] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LocalFree] [0A93C260] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LocalAlloc] [0A93C220] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\Secur32.dll [ntdll.dll!RtlFreeHeap] [0A93BA00] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\Secur32.dll [ntdll.dll!RtlAllocateHeap] [0A93B8C0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!HeapCreate] [0A93B960] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcessHeap] [0A93B830] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!HeapDestroy] [0A93B9C0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [0A939F10] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GlobalReAlloc] [0A93C140] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LocalSize] [0A93C2E0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GlobalSize] [0A93C160] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GlobalAlloc] [0A93C0A0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GlobalLock] [0A93C120] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GlobalUnlock] [0A93C180] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GlobalFree] [0A93C0E0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [0A939F90] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [0A93A0A0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] [0A93A200] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LocalAlloc] [0A93C220] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LocalFree] [0A93C260] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LocalReAlloc] [0A93C2C0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [0A93A010] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] [0A93BA00] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GlobalUnlock] [0A93C180] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GlobalFree] [0A93C0E0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GlobalAlloc] [0A93C0A0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GlobalLock] [0A93C120] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [0A93A010] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [0A93A0A0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [0A939F90] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] [0A93A200] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [0A93A230] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LocalSize] [0A93C2E0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!HeapDestroy] [0A93B9C0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!HeapCreate] [0A93B960] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [0A939F10] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LocalReAlloc] [0A93C2C0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LocalAlloc] [0A93C220] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LocalFree] [0A93C260] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [0A939F10] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] [0A93A200] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [0A939F90] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalUnlock] [0A93C180] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalLock] [0A93C120] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcessHeap] [0A93B830] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!HeapValidate] [0A93BB40] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!HeapCompact] [0A93B930] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LocalAlloc] [0A93C220] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LocalFree] [0A93C260] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [0A93A0A0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibraryAndExitThread] [0A93A230] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [0A93A010] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalFree] [0A93C0E0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalAlloc] [0A93C0A0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalSize] [0A93C160] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalReAlloc] [0A93C140] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LocalUnlock] [0A93C300] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LocalLock] [0A93C2A0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!RtlFreeHeap] [0A93BA00] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [0A939F90] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LocalAlloc] [0A93C220] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LocalFree] [0A93C260] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [0A939F10] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!FreeLibrary] [0A93A200] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LocalReAlloc] [0A93C2C0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LocalHandle] [0A93C280] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LocalSize] [0A93C2E0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcessHeap] [0A93B830] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!RtlAllocateHeap] [0A93B8C0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!RtlFreeHeap] [0A93BA00] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\System32\SAMLIB.dll [KERNEL32.dll!LocalFree] [0A93C260] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\System32\SAMLIB.dll [KERNEL32.dll!LocalAlloc] [0A93C220] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!FreeLibraryAndExitThread] [0A93A230] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GlobalAlloc] [0A93C0A0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GlobalFree] [0A93C0E0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LocalReAlloc] [0A93C2C0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LocalFree] [0A93C260] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [0A939F90] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcessHeap] [0A93B830] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LocalAlloc] [0A93C220] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [0A93A0A0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GlobalUnlock] [0A93C180] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GlobalLock] [0A93C120] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [0A939F10] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!FreeLibrary] [0A93A200] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] [0A93A200] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [0A939F10] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LocalFree] [0A93C260] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LocalAlloc] [0A93C220] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [0A93A010] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [0A93A0A0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!FreeLibraryAndExitThread] [0A93A230] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LocalReAlloc] [0A93C2C0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LocalSize] [0A93C2E0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GlobalReAlloc] [0A93C140] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [0A939F90] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [0A93A010] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!FreeLibraryAndExitThread] [0A93A230] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GlobalFree] [0A93C0E0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GlobalAlloc] [0A93C0A0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!FreeLibrary] [0A93A200] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [0A939F10] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LocalFree] [0A93C260] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LocalAlloc] [0A93C220] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LocalReAlloc] [0A93C2C0] C:\WINDOWS\system32\SH33W32.dll
IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3888] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!RtlFreeHeap] [0A93BA00] C:\WINDOWS\system32\SH33W32.dll

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo?video 5.10 Compression Filter
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo?video 5.10 Compression Filter@FriendlyName Indeo? video 5.10 Compression Filter
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo?video 5.10 Compression Filter@CLSID {1F73E9B1-8C3A-11D0-A3BE-00A0C9244436}
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo?video 5.10 Compression Filter@FilterData 0x02 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo?video 5.10 Compression Filter@EncoderType 1
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo?Video 5.2 Compression Filter
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo?Video 5.2 Compression Filter@FriendlyName Indeo? Video 5.2 Compression Filter
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo?Video 5.2 Compression Filter@CLSID {1F73E9B1-8C3A-11D0-A3BE-00A0C9244436}
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo?Video 5.2 Compression Filter@FilterData 0x02 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo?Video 5.2 Compression Filter@EncoderType 1
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0x50 0x93 0xE5 0xAB ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xF8 0x31 0x0F 0xA9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...

---- EOF - GMER 1.0.14 ----

tankmon354
2009-01-10, 01:06
bump...sorry...my thread didn't seem to refresh

Shaba
2009-01-10, 12:12
Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

tankmon354
2009-01-10, 23:19
Okay, got it done. 1st post: log.txt

Logfile of random's system information tool 1.05 (written by random/random)
Run by Owner at 2009-01-10 14:15:11
Microsoft Windows XP Professional Service Pack 3
System drive C: has 127 GB (53%) free of 238 GB
Total RAM: 766 MB (28% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:55:07, on 2009-1-10
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20935)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Corel\Graphics8\Programs\MFIndexer.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe
C:\WINDOWS\System32\logon.scr
C:\WINDOWS\system32\taskmgr.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe
O4 - Global Startup: Nokia Nseries PC Suite.lnk = C:\Program Files\Nokia\NNPCS\RunLauncher.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

--
End of file - 10262 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-10-29 308832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-23 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2008-04-22 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-28 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2008-04-22 2403392]
{0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - Veoh Web Player Video Finder - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll [2008-12-16 429816]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2007-12-31 208952]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-09-22 14854144]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-11-21 52840]
"vptray"=C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe [2007-03-14 125632]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2006-11-23 56928]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-12-05 54832]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-10-29 185872]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"StormCodec_Helper"=C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe [2006-11-26 97357]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-09-29 155648]
"Samsung PanelMgr"=C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe [2007-12-14 524288]
"OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [2006-03-21 69632]
"NokiaMServer"=C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles []
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11 81920]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe -startup []
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-23 33648]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-07-02 68856]
"VeohPlugin"=C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [2008-12-16 3528440]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Corel MEDIA FOLDERS INDEXER 8.LNK - C:\Corel\Graphics8\Programs\MFIndexer.exe
Nokia Nseries PC Suite.lnk - C:\Program Files\Nokia\NNPCS\RunLauncher.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-03-28 126976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2007-03-14 43712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2007-12-31 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-23 2212224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:μTorrent"
"C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Steam\steamapps\tankmon354\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\tankmon354\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox"
"C:\Program Files\MindArk\Entropia Universe\ClientLoader.exe"="C:\Program Files\MindArk\Entropia Universe\ClientLoader.exe:*:Enabled:Entropia Universe"
"C:\Program Files\EA GAMES\Need for Speed Most Wanted\speed.exe"="C:\Program Files\EA GAMES\Need for Speed Most Wanted\speed.exe:*:Enabled:speed"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire 4.18.8"
"C:\TournamentDemo\System\UnrealTournament.exe"="C:\TournamentDemo\System\UnrealTournament.exe:*:Enabled:UnrealTournament"
"C:\Program Files\alaplaya\S4League\S4Client.exe"="C:\Program Files\alaplaya\S4League\S4Client.exe:*:Enabled:Project S4 Client.exe"
"C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:*:Enabled:Pinnacle VideoSpin"
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\Program Files\Nokia\Software Updater\nsu_ui_client.exe"="C:\Program Files\Nokia\Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\ijji\ENGLISH\u_gunz.exe"="C:\ijji\ENGLISH\u_gunz.exe:*:Enabled:<ijji Downloader>"
"C:\ijji\ENGLISH\Gunz\GunzLauncher.exe"="C:\ijji\ENGLISH\Gunz\GunzLauncher.exe:*:Enabled:Gunz"
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"="C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{106f537c-30c4-11dd-a0ad-0019d12bb6d5}]
shell\Auto\command - kav6.0.1.411en
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL kav6.0.1.411en

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{84eacead-90fa-11dd-a163-0019d12bb6d5}]
shell\Auto\command - auto.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe


======File associations======

.reg - open - "regedit.exe" "%1"

======List of files/folders created in the last 1 months======

2009-01-10 11:36:18 ----DC---- C:\rsit
2009-01-09 23:34:39 ----DC---- C:\Program Files\Veoh Networks
2009-01-09 15:01:53 ----AC---- C:\WINDOWS\gmer.ini
2009-01-09 15:01:26 ----AC---- C:\WINDOWS\gmer_uninstall.cmd
2009-01-09 15:01:25 ----AC---- C:\WINDOWS\gmer.dll
2009-01-09 15:01:19 ----AC---- C:\WINDOWS\gmer.exe
2009-01-09 07:29:48 ----AC---- C:\gmer.exe
2009-01-05 16:27:15 ----DC---- C:\Program Files\Trend Micro
2009-01-04 18:28:51 ----DC---- C:\Program Files\Spybot - Search & Destroy
2009-01-04 18:28:51 ----DC---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-29 14:16:24 ----DC---- C:\Program Files\NHN USA
2008-12-29 14:16:24 ----AC---- C:\WINDOWS\system32\PubPlugin.dll
2008-12-29 14:16:24 ----AC---- C:\WINDOWS\system32\ijjiSetup.exe
2008-12-29 14:16:24 ----AC---- C:\WINDOWS\system32\ijjiPlugin2.dll
2008-12-28 15:32:50 ----AC---- C:\WINDOWS\GunzLauncher.INI
2008-12-28 15:12:56 ----DC---- C:\ijji
2008-12-28 15:11:15 ----DC---- C:\Documents and Settings\All Users\Application Data\IJJIGame
2008-12-27 00:31:12 ----AC---- C:\WINDOWS\system32\d3dx10_40.dll
2008-12-27 00:31:12 ----AC---- C:\WINDOWS\system32\D3DCompiler_40.dll
2008-12-27 00:31:11 ----AC---- C:\WINDOWS\system32\XAudio2_3.dll
2008-12-27 00:31:11 ----AC---- C:\WINDOWS\system32\XAPOFX1_2.dll
2008-12-27 00:31:11 ----AC---- C:\WINDOWS\system32\D3DX9_40.dll
2008-12-27 00:31:10 ----AC---- C:\WINDOWS\system32\xactengine3_3.dll
2008-12-27 00:31:09 ----AC---- C:\WINDOWS\system32\XAudio2_2.dll
2008-12-27 00:31:09 ----AC---- C:\WINDOWS\system32\XAPOFX1_1.dll
2008-12-27 00:31:09 ----AC---- C:\WINDOWS\system32\X3DAudio1_5.dll
2008-12-27 00:31:08 ----AC---- C:\WINDOWS\system32\xactengine3_2.dll
2008-12-27 00:31:07 ----AC---- C:\WINDOWS\system32\d3dx10_39.dll
2008-12-27 00:31:07 ----AC---- C:\WINDOWS\system32\D3DCompiler_39.dll
2008-12-27 00:31:06 ----AC---- C:\WINDOWS\system32\D3DX9_39.dll
2008-12-27 00:31:05 ----AC---- C:\WINDOWS\system32\XAudio2_1.dll
2008-12-27 00:31:05 ----AC---- C:\WINDOWS\system32\XAPOFX1_0.dll
2008-12-27 00:31:04 ----AC---- C:\WINDOWS\system32\xactengine3_1.dll
2008-12-27 00:31:04 ----AC---- C:\WINDOWS\system32\X3DAudio1_4.dll
2008-12-27 00:31:03 ----AC---- C:\WINDOWS\system32\D3DX9_38.dll
2008-12-27 00:31:03 ----AC---- C:\WINDOWS\system32\d3dx10_38.dll
2008-12-27 00:31:03 ----AC---- C:\WINDOWS\system32\D3DCompiler_38.dll
2008-12-27 00:31:02 ----AC---- C:\WINDOWS\system32\XAudio2_0.dll
2008-12-27 00:31:01 ----AC---- C:\WINDOWS\system32\xactengine3_0.dll
2008-12-27 00:31:01 ----AC---- C:\WINDOWS\system32\X3DAudio1_3.dll
2008-12-27 00:31:00 ----AC---- C:\WINDOWS\system32\d3dx10_37.dll
2008-12-27 00:31:00 ----AC---- C:\WINDOWS\system32\D3DCompiler_37.dll
2008-12-27 00:30:59 ----AC---- C:\WINDOWS\system32\D3DX9_37.dll
2008-12-27 00:30:58 ----AC---- C:\WINDOWS\system32\d3dx10_36.dll
2008-12-27 00:30:58 ----AC---- C:\WINDOWS\system32\D3DCompiler_36.dll
2008-12-27 00:30:55 ----AC---- C:\WINDOWS\system32\d3dx10_35.dll
2008-12-27 00:30:55 ----AC---- C:\WINDOWS\system32\D3DCompiler_35.dll
2008-12-27 00:30:54 ----AC---- C:\WINDOWS\system32\d3dx10_34.dll
2008-12-27 00:30:54 ----AC---- C:\WINDOWS\system32\D3DCompiler_34.dll
2008-12-27 00:30:52 ----AC---- C:\WINDOWS\system32\d3dx10_33.dll
2008-12-27 00:30:52 ----AC---- C:\WINDOWS\system32\D3DCompiler_33.dll
2008-12-27 00:25:58 ----HDC---- C:\WINDOWS\msdownld.tmp
2008-12-27 00:25:45 ----DC---- C:\WINDOWS\Logs
2008-12-26 21:00:47 ----HDC---- C:\WINDOWS\$NtUninstallWudf01005$
2008-12-26 20:50:09 ----C---- C:\WINDOWS\system32\spmsgXP_2k3.dll
2008-12-26 20:49:53 ----HDC---- C:\WINDOWS\$NtUninstallWdf01007$
2008-12-26 20:49:43 ----DC---- C:\f58ac1e88cc32bd2a8a2556445c8
2008-12-26 20:24:23 ----DC---- C:\Documents and Settings\Owner\Application Data\NSeries
2008-12-26 20:02:19 ----AC---- C:\WINDOWS\system32\wdfcoinstaller01007.dll
2008-12-26 20:02:19 ----AC---- C:\WINDOWS\system32\nmwcdcocls.dll
2008-12-26 18:57:04 ----DC---- C:\Documents and Settings\All Users\Application Data\Nokia
2008-12-26 18:53:42 ----DC---- C:\Documents and Settings\All Users\Application Data\Installations
2008-12-26 18:47:54 ----DC---- C:\Program Files\Common Files\muvee Technologies
2008-12-26 18:45:29 ----DC---- C:\Documents and Settings\Owner\Application Data\Nokia
2008-12-26 18:45:25 ----DC---- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-12-26 18:44:32 ----DC---- C:\WINDOWS\Globalization
2008-12-26 18:43:48 ----DC---- C:\Program Files\Common Files\Nokia
2008-12-26 18:43:13 ----DC---- C:\WINDOWS\Downloaded Installations
2008-12-26 18:41:35 ----DC---- C:\Program Files\Common Files\PCSuite
2008-12-26 18:36:09 ----DC---- C:\Program Files\DIFX
2008-12-26 18:35:56 ----DC---- C:\Documents and Settings\Owner\Application Data\PC Suite
2008-12-26 18:34:38 ----AC---- C:\WINDOWS\system32\nmwcdcls.dll
2008-12-26 18:34:37 ----DC---- C:\Program Files\Nokia
2008-12-24 13:50:01 ----DC---- C:\Program Files\Guitar Pro 5
2008-12-22 23:26:47 ----DC---- C:\Program Files\GALA-NET
2008-12-20 11:32:27 ----DC---- C:\WINDOWS\system32\NtmsData
2008-12-20 01:38:46 ----ADC---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-19 18:30:00 ----AC---- C:\WINDOWS\system32\frapsvid.dll
2008-12-11 00:19:20 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-11 00:18:06 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-11 00:17:08 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-11 00:16:42 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$

======List of files/folders modified in the last 1 months======

2009-01-10 14:50:10 ----DC---- C:\WINDOWS\Prefetch
2009-01-10 12:14:59 ----DC---- C:\WINDOWS\system32\Lang
2009-01-10 11:46:08 ----DC---- C:\WINDOWS\Temp
2009-01-10 11:25:55 ----DC---- C:\Program Files\Mozilla Firefox
2009-01-10 01:01:34 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-09 23:34:39 ----RDC---- C:\Program Files
2009-01-09 20:01:04 ----DC---- C:\Program Files\Common Files\Symantec Shared
2009-01-09 15:11:24 ----DC---- C:\WINDOWS
2009-01-09 15:01:26 ----DC---- C:\WINDOWS\system32\drivers
2009-01-09 14:11:40 ----DC---- C:\WINDOWS\system32\config
2009-01-08 19:58:11 ----DC---- C:\WINDOWS\system32\CatRoot2
2009-01-05 16:12:53 ----SHC---- C:\boot.ini
2009-01-05 16:12:53 ----AC---- C:\WINDOWS\win.ini
2009-01-05 16:12:53 ----AC---- C:\WINDOWS\system.ini
2009-01-05 16:12:44 ----DC---- C:\WINDOWS\pss
2009-01-04 15:57:39 ----DC---- C:\WINDOWS\system32\wbem
2009-01-04 15:57:35 ----DC---- C:\WINDOWS\Registration
2009-01-04 15:48:34 ----DC---- C:\Documents and Settings
2008-12-30 14:50:37 ----DC---- C:\Program Files\Diablo II
2008-12-29 14:16:24 ----SDC---- C:\WINDOWS\Downloaded Program Files
2008-12-29 14:16:24 ----DC---- C:\WINDOWS\system32
2008-12-29 14:16:22 ----HDC---- C:\Program Files\InstallShield Installation Information
2008-12-29 12:05:09 ----AC---- C:\WINDOWS\NeroDigital.ini
2008-12-29 11:59:04 ----DC---- C:\Documents and Settings\Owner\Application Data\uTorrent
2008-12-28 16:09:48 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-28 15:24:21 ----HDC---- C:\Documents and Settings\Owner\Application Data\ijjigame
2008-12-28 14:47:51 ----DC---- C:\Program Files\Steam
2008-12-27 21:59:40 ----DC---- C:\Documents and Settings\Owner\Application Data\LimeWire
2008-12-27 00:31:14 ----DC---- C:\WINDOWS\system32\DirectX
2008-12-27 00:31:12 ----HDC---- C:\WINDOWS\inf
2008-12-27 00:30:51 ----RSDC---- C:\WINDOWS\assembly
2008-12-26 21:02:10 ----SDC---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-26 21:01:24 ----DC---- C:\WINDOWS\system32\LogFiles
2008-12-26 20:58:06 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-26 20:55:49 ----AC---- C:\WINDOWS\imsins.BAK
2008-12-26 20:02:27 ----SHDC---- C:\WINDOWS\Installer
2008-12-26 20:02:23 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-12-26 18:54:19 ----DC---- C:\WINDOWS\WinSxS
2008-12-26 18:54:15 ----RSDC---- C:\WINDOWS\Fonts
2008-12-26 18:47:54 ----DC---- C:\Program Files\Common Files
2008-12-24 12:45:50 ----DC---- C:\TEMP
2008-12-20 16:03:52 ----DC---- C:\WINDOWS\system32\CatRoot
2008-12-18 00:57:26 ----HDC---- C:\WINDOWS\$hf_mig$
2008-12-13 01:26:56 ----AC---- C:\WINDOWS\system32\mshtml.dll
2008-12-11 22:41:11 ----DC---- C:\WINDOWS\Minidump
2008-12-11 00:20:31 ----DC---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-12-11 00:19:09 ----DC---- C:\Program Files\Internet Explorer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 FsVga;FsVga; C:\WINDOWS\system32\DRIVERS\fsvga.sys [2007-12-31 12160]
R1 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2009-01-09 85969]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys []
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys []
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2007-02-12 196752]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R2 DgiVecp;DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys []
R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2007-12-31 62336]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-03-29 2873856]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2007-12-31 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-09-23 3966976]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090109.003\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090109.003\navex15.sys []
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2005-08-24 74752]
R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2007-02-12 12944]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2007-02-12 110736]
R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2007-02-12 31888]
R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\SCFIDS~1\20090102.001\symidsco.sys []
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2007-02-12 28304]
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2007-02-12 24720]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S1 DW;DW; C:\WINDOWS\system32\drivers\DW.sys []
S2 SSPORT;SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys []
S3 dwusbdnt;dwusbdnt; C:\WINDOWS\system32\DRIVERS\dwusbdnt.sys [2002-05-24 10368]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2007-12-31 12160]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-09-15 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-09-15 22016]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-09-15 8064]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-09-15 8064]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WLAN(WLAN);XPC 802.11b/g Wireless Kit Driver(WLAN); C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2005-08-16 278016]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S3 XDva090;XDva090; \??\C:\WINDOWS\system32\XDva090.sys []
S3 XDva136;XDva136; \??\C:\WINDOWS\system32\XDva136.sys []
S3 XDva164;XDva164; \??\C:\WINDOWS\system32\XDva164.sys []
S3 ZD1211U(ZyDAS);ZyDAS ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyDAS); C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2005-08-16 278016]
S3 ZDPNDIS5;ZDPNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\ZDPNDIS5.SYS []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-03-28 536576]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2006-11-21 192104]
R2 ccProxy;Symantec Network Proxy; C:\Program Files\Common Files\Symantec Shared\ccProxy.exe [2006-11-21 202344]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2006-11-21 169576]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe [2007-03-14 31424]
R2 ISSVC;IS Service; C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe [2007-03-05 87680]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-08-07 167936]
R2 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2007-02-12 214672]
R2 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2007-01-10 1160792]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe [2007-03-14 1816768]
R2 SymSecurePort;Symantec SecurePort; C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe [2007-03-05 173696]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-03-28 593920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-23 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-23 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-09-27 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-22 138168]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-09-02 2528960]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-23 68464]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-08 271920]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-23 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SavRoam;SAVRoam; C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe [2007-03-14 116416]
S3 ServiceLayer;ServiceLayer; C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe [2007-06-15 300544]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

tankmon354
2009-01-10, 23:21
The 2nd post, info.txt

info.txt logfile of random's system information tool 1.05 2009-01-10 14:56:33

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\system32\UninstIPP.isu
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {926CC8AE-8414-43DF-8EB4-CF26D9C3C663}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0CF63063-BD94-4A8B-9966-B6FDC3F55B38}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Setup-->MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
ALUpdate-->"C:\Program Files\ESTsoft\ALUpdate\unins000.exe"
ALZip-->"C:\Program Files\ESTsoft\ALZip\unins000.exe"
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Canon MF Toolbox 4.9.1.1.mf03-->MsiExec.exe /I{DD929BD3-5D41-4407-BE04-119B4A631869}
Canon MF4100 Series-->"C:\WINDOWS\system32\CanonMF Uninstaller Information\{239A8D60-270B-42e8-82D3-60D70A2942E0}\misc\DelDrv.exe" /U:{239A8D60-270B-42e8-82D3-60D70A2942E0} /L0x0000
Corel Uninstaller-->C:\WINDOWS\COREL\UNINST32.EXE
Counter-Strike-->"C:\Program Files\Steam\steam.exe" steam://uninstall/10
Diablo II-->C:\Program Files\Common Files\Blizzard Entertainment\Diablo II\Uninstall.exe
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
Entropia Universe-->C:\Program Files\MindArk\Entropia Universe\Uninstall.exe
FL Studio 8-->C:\Program Files\Image-Line\FL Studio 8\uninstall.exe
GOM Player-->"C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Guitar Pro 5.2-->"C:\Program Files\Guitar Pro 5\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
ijji - Gunz-->C:\ijji\ENGLISH\Gunz\Uninstall.exe
ijji Auto Installer-->"C:\Program Files\InstallShield Installation Information\{1DCC7418-2089-4BDD-B321-3771956160FC}\setup.exe" -runfromtemp -l0x0009 -removeonly
IL Download Manager-->C:\Program Files\Image-Line\Downloader\uninstall.exe
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
LimeWire 4.18.8-->"C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 3.1 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LOSI 0.2-->C:\Program Files\LiteStep\Uninstall.exe
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - CHT-->MsiExec.exe /I{62BD272C-8321-3177-912F-1134326A7187}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - CHT-->MsiExec.exe /I{45C688DE-63BA-3756-839B-4AF3F209E21A}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft .NET Framework 3.5 Language Pack - cht-->MsiExec.exe /I{9EB3D421-CE81-3AC9-BFA8-354FA3D1DD60}
Microsoft .NET Framework 3.5 語言套件 - 繁體中文-->c:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - cht\setup.exe
Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MPIO Manager 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{224F7A6E-1D66-46B6-888A-D115E5AC20F6}\setup.exe"
MPIO Plugins Pack-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4FBF4810-CC11-4985-BD7B-4E80536075FD}\setup.exe"
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Need for Speed? Most Wanted-->C:\Program Files\EA GAMES\Need for Speed Most Wanted\EAUninstall.exe
Neffy 1,2,1,4-->C:\Program Files\Neffy\uninst.exe
Nero 7 Essentials-->MsiExec.exe /X{9B4E6CB9-E54D-47F7-A414-E2D5740E1033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nokia Connectivity Cable Driver-->MsiExec.exe /X{15AC0C5D-A6FB-4CE2-8CD0-28179EEB5625}
Nokia Download!-->MsiExec.exe /X{301BEB64-7C38-4BB5-8F94-62E6160532C8}
Nokia Flashing Cable Driver-->MsiExec.exe /X{D99C322D-C21B-40C7-AE71-EE51AA096B6E}
Nokia Map Loader-->MsiExec.exe /I{03528A01-7E5E-4C5F-94DF-1D8012E969EF}
Nokia NSeries Application Installer 6.83.11-->msiexec /qn /x {82C0BCC7-A3ED-4AD9-9C94-6E71CAFC939E}
Nokia NSeries Application Installer-->MsiExec.exe /I{82C0BCC7-A3ED-4AD9-9C94-6E71CAFC939E}
Nokia NSeries Content Copier 6.83.11-->msiexec /qn /x {90870373-8351-4F73-B5C1-73A9A01BAAEA}
Nokia NSeries Content Copier-->MsiExec.exe /X{90870373-8351-4F73-B5C1-73A9A01BAAEA}
Nokia NSeries Music Manager 6.83.11-->msiexec /qn /x {CA585226-334C-4411-8F52-0C7F58BC932A}
Nokia NSeries Music Manager-->MsiExec.exe /I{CA585226-334C-4411-8F52-0C7F58BC932A}
Nokia NSeries One Touch Access 6.83.11-->msiexec /qn /x {89A33B7F-A5C2-4F18-AD71-AC29278507B7}
Nokia NSeries One Touch Access-->MsiExec.exe /I{89A33B7F-A5C2-4F18-AD71-AC29278507B7}
Nokia Nseries PC Suite-->MsiExec.exe /I{5A41F810-D0AF-4B50-8F11-C242C76F6D24}
Nokia NSeries System Utilities 6.83.11-->msiexec /qn /x {97B21A40-E5B6-4887-9CC4-38FB416A2998}
Nokia NSeries System Utilities-->MsiExec.exe /X{97B21A40-E5B6-4887-9CC4-38FB416A2998}
Nokia Nseries Video Manager-->MsiExec.exe /X{2D21ECE3-8EC1-4315-AE4E-1970FB3AF17A}
Nokia Photos-->MsiExec.exe /I{7EE94A24-188A-4D98-9018-37857701996E}
Nokia Software Updater-->MsiExec.exe /X{59367F7E-D7C1-4629-8AEC-71AA24A68F31}
PC Connectivity Solution-->MsiExec.exe /I{99A40651-0BC2-4095-8F9A-A40FAB224FEF}
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Pinnacle VideoSpin-->MsiExec.exe /X{4EDB1CA5-983F-4FC3-A8E3-E34981E05A60}
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Presto! PageManager 7.15.11-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA52A1AC-D35D-4D25-8686-9466FE2C5CE5}\Setup.exe" -l0x9 anything
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
REALTEK Gigabit and Fast Ethernet NIC Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94FB906A-CF42-4128-A509-D353026A607E}\setup.exe" -l0x9 REMOVE
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Rumble Fighter-->"C:\Program Files\OGPlanet\RumbleFighter\uninstall.exe"
S4 League-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D99223D4-1F48-47BD-ADFD-D43C91CDFD00}\setup.exe" -l0x9
Samsung CLP-300 Series-->C:\Program Files\Samsung\Samsung CLP-300 Series\Install\Setup.exe /R
ScanSoft OmniPage SE 4.0-->MsiExec.exe /I{29D851C2-048C-4B5E-8D1F-25D473342BB5}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Starcraft-->C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Storm Codec-->C:\Program Files\Ringz Studio\Storm Codec\uninst7.02.01.exe
Symantec Client Security-->MsiExec.exe /I{D0E46FF4-2775-4BD9-9467-B62B702D470E}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb958619)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {79B301C1-DBC0-467C-AFDA-2A6CDAFA4302}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Veoh Web Player Beta-->"C:\Program Files\Veoh Networks\VeohWebPlayer\uninst.exe"
Warcraft III-->C:\Program Files\Common Files\Blizzard Entertainment\Warcraft III\Uninstall.exe
Windows Driver Package - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_044C8712DB44F83D9DE6C376991EE9254E0A69E4\pccswpddriver.inf
Windows Driver Package - Nokia Modem (02/15/2007 3.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
Zune Desktop Theme-->MsiExec.exe /X{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

Securitycenter WMI appears to be broken

System event log

Computer Name: FRANCIS-10D475A
Event Code: 4201
Message: The system detected that network adapter \DEVICE\TCPIP_{61074C65-A664-423D-A100-B494761EFFAA} was connected to the network,
and has initiated normal operation over the network adapter.

Record Number: 5
Source Name: Tcpip
Time Written: 20090105072106.000000-300
Event Type: information
User:

Computer Name: FRANCIS-10D475A
Event Code: 45062
Message: CRT invalid display type

Record Number: 4
Source Name: ati2mtag
Time Written: 20090105072106.000000-300
Event Type: error
User:

Computer Name: FRANCIS-10D475A
Event Code: 3100
Message: The Microsoft IPv6 Developer Edition driver was started.

Record Number: 3
Source Name: Tcpip6
Time Written: 20090105072106.000000-300
Event Type: information
User:

Computer Name: FRANCIS-10D475A
Event Code: 6005
Message: The Event log service was started.

Record Number: 2
Source Name: EventLog
Time Written: 20090105072056.000000-300
Event Type: information
User:

Computer Name: FRANCIS-10D475A
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 3 Uniprocessor Free.

Record Number: 1
Source Name: EventLog
Time Written: 20090105072056.000000-300
Event Type: information
User:

Application event log

Computer Name: FRANCIS-10D475A
Event Code: 35
Message: The 'Symantec Network Proxy' service has started.

Record Number: 9768
Source Name: ccProxy
Time Written: 20081125061434.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: FRANCIS-10D475A
Event Code: 1
Message: Application started

Record Number: 9767
Source Name: SNDSrvc
Time Written: 20081125061431.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: FRANCIS-10D475A
Event Code: 35
Message:
Record Number: 9766
Source Name: ISService
Time Written: 20081125061431.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: FRANCIS-10D475A
Event Code: 26
Message: Application starting

Record Number: 9765
Source Name: SNDSrvc
Time Written: 20081125061431.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: FRANCIS-10D475A
Event Code: 34
Message:
Record Number: 9764
Source Name: ISService
Time Written: 20081125061430.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\Nokia\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ESTsoft\ALZip;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Pinnacle\Shared Files\;C:\Program Files\Pinnacle\Shared Files\Filter\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0409
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------


thanks

Shaba
2009-01-11, 12:12
IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

LimeWire 4.18.8

I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Delete info.txt from c:\rsit folder.

Please run a new RSIT scan when finished and post the log back here.

tankmon354
2009-01-11, 18:33
Okay, uninstalled LimeWire.
Here's the new info.txt

info.txt logfile of random's system information tool 1.05 2009-01-11 11:27:37

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\system32\UninstIPP.isu
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {926CC8AE-8414-43DF-8EB4-CF26D9C3C663}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0CF63063-BD94-4A8B-9966-B6FDC3F55B38}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Setup-->MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
ALUpdate-->"C:\Program Files\ESTsoft\ALUpdate\unins000.exe"
ALZip-->"C:\Program Files\ESTsoft\ALZip\unins000.exe"
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Canon MF Toolbox 4.9.1.1.mf03-->MsiExec.exe /I{DD929BD3-5D41-4407-BE04-119B4A631869}
Canon MF4100 Series-->"C:\WINDOWS\system32\CanonMF Uninstaller Information\{239A8D60-270B-42e8-82D3-60D70A2942E0}\misc\DelDrv.exe" /U:{239A8D60-270B-42e8-82D3-60D70A2942E0} /L0x0000
Corel Uninstaller-->C:\WINDOWS\COREL\UNINST32.EXE
Counter-Strike-->"C:\Program Files\Steam\steam.exe" steam://uninstall/10
Diablo II-->C:\Program Files\Common Files\Blizzard Entertainment\Diablo II\Uninstall.exe
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
Entropia Universe-->C:\Program Files\MindArk\Entropia Universe\Uninstall.exe
FL Studio 8-->C:\Program Files\Image-Line\FL Studio 8\uninstall.exe
GOM Player-->"C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Guitar Pro 5.2-->"C:\Program Files\Guitar Pro 5\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
ijji - Gunz-->C:\ijji\ENGLISH\Gunz\Uninstall.exe
ijji Auto Installer-->"C:\Program Files\InstallShield Installation Information\{1DCC7418-2089-4BDD-B321-3771956160FC}\setup.exe" -runfromtemp -l0x0009 -removeonly
IL Download Manager-->C:\Program Files\Image-Line\Downloader\uninstall.exe
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
LiveUpdate 3.1 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LOSI 0.2-->C:\Program Files\LiteStep\Uninstall.exe
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - CHT-->MsiExec.exe /I{62BD272C-8321-3177-912F-1134326A7187}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - CHT-->MsiExec.exe /I{45C688DE-63BA-3756-839B-4AF3F209E21A}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft .NET Framework 3.5 Language Pack - cht-->MsiExec.exe /I{9EB3D421-CE81-3AC9-BFA8-354FA3D1DD60}
Microsoft .NET Framework 3.5 語言套件 - 繁體中文-->c:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - cht\setup.exe
Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MPIO Manager 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{224F7A6E-1D66-46B6-888A-D115E5AC20F6}\setup.exe"
MPIO Plugins Pack-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4FBF4810-CC11-4985-BD7B-4E80536075FD}\setup.exe"
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Need for Speed? Most Wanted-->C:\Program Files\EA GAMES\Need for Speed Most Wanted\EAUninstall.exe
Neffy 1,2,1,4-->C:\Program Files\Neffy\uninst.exe
Nero 7 Essentials-->MsiExec.exe /X{9B4E6CB9-E54D-47F7-A414-E2D5740E1033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nokia Connectivity Cable Driver-->MsiExec.exe /X{15AC0C5D-A6FB-4CE2-8CD0-28179EEB5625}
Nokia Download!-->MsiExec.exe /X{301BEB64-7C38-4BB5-8F94-62E6160532C8}
Nokia Flashing Cable Driver-->MsiExec.exe /X{D99C322D-C21B-40C7-AE71-EE51AA096B6E}
Nokia Map Loader-->MsiExec.exe /I{03528A01-7E5E-4C5F-94DF-1D8012E969EF}
Nokia NSeries Application Installer 6.83.11-->msiexec /qn /x {82C0BCC7-A3ED-4AD9-9C94-6E71CAFC939E}
Nokia NSeries Application Installer-->MsiExec.exe /I{82C0BCC7-A3ED-4AD9-9C94-6E71CAFC939E}
Nokia NSeries Content Copier 6.83.11-->msiexec /qn /x {90870373-8351-4F73-B5C1-73A9A01BAAEA}
Nokia NSeries Content Copier-->MsiExec.exe /X{90870373-8351-4F73-B5C1-73A9A01BAAEA}
Nokia NSeries Music Manager 6.83.11-->msiexec /qn /x {CA585226-334C-4411-8F52-0C7F58BC932A}
Nokia NSeries Music Manager-->MsiExec.exe /I{CA585226-334C-4411-8F52-0C7F58BC932A}
Nokia NSeries One Touch Access 6.83.11-->msiexec /qn /x {89A33B7F-A5C2-4F18-AD71-AC29278507B7}
Nokia NSeries One Touch Access-->MsiExec.exe /I{89A33B7F-A5C2-4F18-AD71-AC29278507B7}
Nokia Nseries PC Suite-->MsiExec.exe /I{5A41F810-D0AF-4B50-8F11-C242C76F6D24}
Nokia NSeries System Utilities 6.83.11-->msiexec /qn /x {97B21A40-E5B6-4887-9CC4-38FB416A2998}
Nokia NSeries System Utilities-->MsiExec.exe /X{97B21A40-E5B6-4887-9CC4-38FB416A2998}
Nokia Nseries Video Manager-->MsiExec.exe /X{2D21ECE3-8EC1-4315-AE4E-1970FB3AF17A}
Nokia Photos-->MsiExec.exe /I{7EE94A24-188A-4D98-9018-37857701996E}
Nokia Software Updater-->MsiExec.exe /X{59367F7E-D7C1-4629-8AEC-71AA24A68F31}
PC Connectivity Solution-->MsiExec.exe /I{99A40651-0BC2-4095-8F9A-A40FAB224FEF}
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Pinnacle VideoSpin-->MsiExec.exe /X{4EDB1CA5-983F-4FC3-A8E3-E34981E05A60}
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Presto! PageManager 7.15.11-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA52A1AC-D35D-4D25-8686-9466FE2C5CE5}\Setup.exe" -l0x9 anything
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
REALTEK Gigabit and Fast Ethernet NIC Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94FB906A-CF42-4128-A509-D353026A607E}\setup.exe" -l0x9 REMOVE
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Rumble Fighter-->"C:\Program Files\OGPlanet\RumbleFighter\uninstall.exe"
S4 League-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D99223D4-1F48-47BD-ADFD-D43C91CDFD00}\setup.exe" -l0x9
Samsung CLP-300 Series-->C:\Program Files\Samsung\Samsung CLP-300 Series\Install\Setup.exe /R
ScanSoft OmniPage SE 4.0-->MsiExec.exe /I{29D851C2-048C-4B5E-8D1F-25D473342BB5}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
SMART Ideas 5-->MsiExec.exe /X{1C8CE195-F105-44B4-9F59-4AA1ECF403E4}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Starcraft-->C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Storm Codec-->C:\Program Files\Ringz Studio\Storm Codec\uninst7.02.01.exe
Symantec Client Security-->MsiExec.exe /I{D0E46FF4-2775-4BD9-9467-B62B702D470E}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb958619)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {79B301C1-DBC0-467C-AFDA-2A6CDAFA4302}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Veoh Web Player Beta-->"C:\Program Files\Veoh Networks\VeohWebPlayer\uninst.exe"
Warcraft III-->C:\Program Files\Common Files\Blizzard Entertainment\Warcraft III\Uninstall.exe
Windows Driver Package - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_044C8712DB44F83D9DE6C376991EE9254E0A69E4\pccswpddriver.inf
Windows Driver Package - Nokia Modem (02/15/2007 3.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
Zune Desktop Theme-->MsiExec.exe /X{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

Securitycenter WMI appears to be broken

System event log

Computer Name: FRANCIS-10D475A
Event Code: 4201
Message: The system detected that network adapter \DEVICE\TCPIP_{61074C65-A664-423D-A100-B494761EFFAA} was connected to the network,
and has initiated normal operation over the network adapter.

Record Number: 5
Source Name: Tcpip
Time Written: 20090105072106.000000-300
Event Type: information
User:

Computer Name: FRANCIS-10D475A
Event Code: 45062
Message: CRT invalid display type

Record Number: 4
Source Name: ati2mtag
Time Written: 20090105072106.000000-300
Event Type: error
User:

Computer Name: FRANCIS-10D475A
Event Code: 3100
Message: The Microsoft IPv6 Developer Edition driver was started.

Record Number: 3
Source Name: Tcpip6
Time Written: 20090105072106.000000-300
Event Type: information
User:

Computer Name: FRANCIS-10D475A
Event Code: 6005
Message: The Event log service was started.

Record Number: 2
Source Name: EventLog
Time Written: 20090105072056.000000-300
Event Type: information
User:

Computer Name: FRANCIS-10D475A
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 3 Uniprocessor Free.

Record Number: 1
Source Name: EventLog
Time Written: 20090105072056.000000-300
Event Type: information
User:

Application event log

Computer Name: FRANCIS-10D475A
Event Code: 34
Message:
Record Number: 9862
Source Name: ISService
Time Written: 20081128112255.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: FRANCIS-10D475A
Event Code: 34
Message: The 'Symantec Network Proxy' service is starting.

Record Number: 9861
Source Name: ccProxy
Time Written: 20081128112255.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: FRANCIS-10D475A
Event Code: 35
Message: The 'Symantec Event Manager' service has started.

Record Number: 9860
Source Name: ccEvtMgr
Time Written: 20081128112255.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: FRANCIS-10D475A
Event Code: 34
Message: The 'Symantec Event Manager' service is starting.

Record Number: 9859
Source Name: ccEvtMgr
Time Written: 20081128112252.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: FRANCIS-10D475A
Event Code: 35
Message: The 'Symantec Settings Manager' service has started.

Record Number: 9858
Source Name: ccSetMgr
Time Written: 20081128112252.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\Nokia\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ESTsoft\ALZip;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Pinnacle\Shared Files\;C:\Program Files\Pinnacle\Shared Files\Filter\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0409
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

tankmon354
2009-01-11, 18:35
2nd post. Here's the new log.txt (log2.txt).

Logfile of random's system information tool 1.05 (written by random/random)
Run by Owner at 2009-01-11 11:02:04
Microsoft Windows XP Professional Service Pack 3
System drive C: has 126 GB (53%) free of 238 GB
Total RAM: 766 MB (12% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:21:33, on 2009-1-11
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20935)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Corel\Graphics8\Programs\MFIndexer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe
O4 - Global Startup: Nokia Nseries PC Suite.lnk = C:\Program Files\Nokia\NNPCS\RunLauncher.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

--
End of file - 10295 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-10-29 308832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-23 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2008-04-22 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-28 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2008-04-22 2403392]
{0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - Veoh Web Player Video Finder - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll [2008-12-16 429816]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2007-12-31 208952]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-09-22 14854144]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-11-21 52840]
"vptray"=C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe [2007-03-14 125632]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2006-11-23 56928]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-12-05 54832]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-10-29 185872]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"StormCodec_Helper"=C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe [2006-11-26 97357]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-09-29 155648]
"Samsung PanelMgr"=C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe [2007-12-14 524288]
"OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [2006-03-21 69632]
"NokiaMServer"=C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles []
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11 81920]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe -startup []
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-23 33648]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-07-02 68856]
"VeohPlugin"=C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [2008-12-16 3528440]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Corel MEDIA FOLDERS INDEXER 8.LNK - C:\Corel\Graphics8\Programs\MFIndexer.exe
Nokia Nseries PC Suite.lnk - C:\Program Files\Nokia\NNPCS\RunLauncher.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-03-28 126976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2007-03-14 43712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2007-12-31 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-23 2212224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:μTorrent"
"C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Steam\steamapps\tankmon354\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\tankmon354\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox"
"C:\Program Files\MindArk\Entropia Universe\ClientLoader.exe"="C:\Program Files\MindArk\Entropia Universe\ClientLoader.exe:*:Enabled:Entropia Universe"
"C:\Program Files\EA GAMES\Need for Speed Most Wanted\speed.exe"="C:\Program Files\EA GAMES\Need for Speed Most Wanted\speed.exe:*:Enabled:speed"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire 4.18.8"
"C:\TournamentDemo\System\UnrealTournament.exe"="C:\TournamentDemo\System\UnrealTournament.exe:*:Enabled:UnrealTournament"
"C:\Program Files\alaplaya\S4League\S4Client.exe"="C:\Program Files\alaplaya\S4League\S4Client.exe:*:Enabled:Project S4 Client.exe"
"C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:*:Enabled:Pinnacle VideoSpin"
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\Program Files\Nokia\Software Updater\nsu_ui_client.exe"="C:\Program Files\Nokia\Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\ijji\ENGLISH\u_gunz.exe"="C:\ijji\ENGLISH\u_gunz.exe:*:Enabled:<ijji Downloader>"
"C:\ijji\ENGLISH\Gunz\GunzLauncher.exe"="C:\ijji\ENGLISH\Gunz\GunzLauncher.exe:*:Enabled:Gunz"
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"="C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{106f537c-30c4-11dd-a0ad-0019d12bb6d5}]
shell\Auto\command - kav6.0.1.411en
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL kav6.0.1.411en

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{84eacead-90fa-11dd-a163-0019d12bb6d5}]
shell\Auto\command - auto.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe


======File associations======

.reg - open - "regedit.exe" "%1"

======List of files/folders created in the last 1 months======

2009-01-11 10:33:44 ----DC---- C:\Documents and Settings\All Users\Application Data\SMART Technologies Inc
2009-01-11 10:33:32 ----DC---- C:\Program Files\SMART Ideas 5
2009-01-10 11:36:18 ----DC---- C:\rsit
2009-01-09 23:34:39 ----DC---- C:\Program Files\Veoh Networks
2009-01-09 15:01:53 ----AC---- C:\WINDOWS\gmer.ini
2009-01-09 15:01:26 ----AC---- C:\WINDOWS\gmer_uninstall.cmd
2009-01-09 15:01:25 ----AC---- C:\WINDOWS\gmer.dll
2009-01-09 15:01:19 ----AC---- C:\WINDOWS\gmer.exe
2009-01-09 07:29:48 ----AC---- C:\gmer.exe
2009-01-05 16:27:15 ----DC---- C:\Program Files\Trend Micro
2009-01-04 18:28:51 ----DC---- C:\Program Files\Spybot - Search & Destroy
2009-01-04 18:28:51 ----DC---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-29 14:16:24 ----DC---- C:\Program Files\NHN USA
2008-12-29 14:16:24 ----AC---- C:\WINDOWS\system32\PubPlugin.dll
2008-12-29 14:16:24 ----AC---- C:\WINDOWS\system32\ijjiSetup.exe
2008-12-29 14:16:24 ----AC---- C:\WINDOWS\system32\ijjiPlugin2.dll
2008-12-28 15:32:50 ----AC---- C:\WINDOWS\GunzLauncher.INI
2008-12-28 15:12:56 ----DC---- C:\ijji
2008-12-28 15:11:15 ----DC---- C:\Documents and Settings\All Users\Application Data\IJJIGame
2008-12-27 00:31:12 ----AC---- C:\WINDOWS\system32\d3dx10_40.dll
2008-12-27 00:31:12 ----AC---- C:\WINDOWS\system32\D3DCompiler_40.dll
2008-12-27 00:31:11 ----AC---- C:\WINDOWS\system32\XAudio2_3.dll
2008-12-27 00:31:11 ----AC---- C:\WINDOWS\system32\XAPOFX1_2.dll
2008-12-27 00:31:11 ----AC---- C:\WINDOWS\system32\D3DX9_40.dll
2008-12-27 00:31:10 ----AC---- C:\WINDOWS\system32\xactengine3_3.dll
2008-12-27 00:31:09 ----AC---- C:\WINDOWS\system32\XAudio2_2.dll
2008-12-27 00:31:09 ----AC---- C:\WINDOWS\system32\XAPOFX1_1.dll
2008-12-27 00:31:09 ----AC---- C:\WINDOWS\system32\X3DAudio1_5.dll
2008-12-27 00:31:08 ----AC---- C:\WINDOWS\system32\xactengine3_2.dll
2008-12-27 00:31:07 ----AC---- C:\WINDOWS\system32\d3dx10_39.dll
2008-12-27 00:31:07 ----AC---- C:\WINDOWS\system32\D3DCompiler_39.dll
2008-12-27 00:31:06 ----AC---- C:\WINDOWS\system32\D3DX9_39.dll
2008-12-27 00:31:05 ----AC---- C:\WINDOWS\system32\XAudio2_1.dll
2008-12-27 00:31:05 ----AC---- C:\WINDOWS\system32\XAPOFX1_0.dll
2008-12-27 00:31:04 ----AC---- C:\WINDOWS\system32\xactengine3_1.dll
2008-12-27 00:31:04 ----AC---- C:\WINDOWS\system32\X3DAudio1_4.dll
2008-12-27 00:31:03 ----AC---- C:\WINDOWS\system32\D3DX9_38.dll
2008-12-27 00:31:03 ----AC---- C:\WINDOWS\system32\d3dx10_38.dll
2008-12-27 00:31:03 ----AC---- C:\WINDOWS\system32\D3DCompiler_38.dll
2008-12-27 00:31:02 ----AC---- C:\WINDOWS\system32\XAudio2_0.dll
2008-12-27 00:31:01 ----AC---- C:\WINDOWS\system32\xactengine3_0.dll
2008-12-27 00:31:01 ----AC---- C:\WINDOWS\system32\X3DAudio1_3.dll
2008-12-27 00:31:00 ----AC---- C:\WINDOWS\system32\d3dx10_37.dll
2008-12-27 00:31:00 ----AC---- C:\WINDOWS\system32\D3DCompiler_37.dll
2008-12-27 00:30:59 ----AC---- C:\WINDOWS\system32\D3DX9_37.dll
2008-12-27 00:30:58 ----AC---- C:\WINDOWS\system32\d3dx10_36.dll
2008-12-27 00:30:58 ----AC---- C:\WINDOWS\system32\D3DCompiler_36.dll
2008-12-27 00:30:55 ----AC---- C:\WINDOWS\system32\d3dx10_35.dll
2008-12-27 00:30:55 ----AC---- C:\WINDOWS\system32\D3DCompiler_35.dll
2008-12-27 00:30:54 ----AC---- C:\WINDOWS\system32\d3dx10_34.dll
2008-12-27 00:30:54 ----AC---- C:\WINDOWS\system32\D3DCompiler_34.dll
2008-12-27 00:30:52 ----AC---- C:\WINDOWS\system32\d3dx10_33.dll
2008-12-27 00:30:52 ----AC---- C:\WINDOWS\system32\D3DCompiler_33.dll
2008-12-27 00:25:58 ----HDC---- C:\WINDOWS\msdownld.tmp
2008-12-27 00:25:45 ----DC---- C:\WINDOWS\Logs
2008-12-26 21:00:47 ----HDC---- C:\WINDOWS\$NtUninstallWudf01005$
2008-12-26 20:50:09 ----C---- C:\WINDOWS\system32\spmsgXP_2k3.dll
2008-12-26 20:49:53 ----HDC---- C:\WINDOWS\$NtUninstallWdf01007$
2008-12-26 20:49:43 ----DC---- C:\f58ac1e88cc32bd2a8a2556445c8
2008-12-26 20:24:23 ----DC---- C:\Documents and Settings\Owner\Application Data\NSeries
2008-12-26 20:02:19 ----AC---- C:\WINDOWS\system32\wdfcoinstaller01007.dll
2008-12-26 20:02:19 ----AC---- C:\WINDOWS\system32\nmwcdcocls.dll
2008-12-26 18:57:04 ----DC---- C:\Documents and Settings\All Users\Application Data\Nokia
2008-12-26 18:53:42 ----DC---- C:\Documents and Settings\All Users\Application Data\Installations
2008-12-26 18:47:54 ----DC---- C:\Program Files\Common Files\muvee Technologies
2008-12-26 18:45:29 ----DC---- C:\Documents and Settings\Owner\Application Data\Nokia
2008-12-26 18:45:25 ----DC---- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-12-26 18:44:32 ----DC---- C:\WINDOWS\Globalization
2008-12-26 18:43:48 ----DC---- C:\Program Files\Common Files\Nokia
2008-12-26 18:43:13 ----DC---- C:\WINDOWS\Downloaded Installations
2008-12-26 18:41:35 ----DC---- C:\Program Files\Common Files\PCSuite
2008-12-26 18:36:09 ----DC---- C:\Program Files\DIFX
2008-12-26 18:35:56 ----DC---- C:\Documents and Settings\Owner\Application Data\PC Suite
2008-12-26 18:34:38 ----AC---- C:\WINDOWS\system32\nmwcdcls.dll
2008-12-26 18:34:37 ----DC---- C:\Program Files\Nokia
2008-12-24 13:50:01 ----DC---- C:\Program Files\Guitar Pro 5
2008-12-22 23:26:47 ----DC---- C:\Program Files\GALA-NET
2008-12-20 11:32:27 ----DC---- C:\WINDOWS\system32\NtmsData
2008-12-20 01:38:46 ----ADC---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-19 18:30:00 ----AC---- C:\WINDOWS\system32\frapsvid.dll

======List of files/folders modified in the last 1 months======

2009-01-11 11:16:36 ----DC---- C:\WINDOWS\Temp
2009-01-11 10:41:57 ----SHDC---- C:\WINDOWS\Installer
2009-01-11 10:33:32 ----RDC---- C:\Program Files
2009-01-11 10:24:42 ----DC---- C:\WINDOWS\Prefetch
2009-01-11 09:55:11 ----DC---- C:\Program Files\Mozilla Firefox
2009-01-11 09:33:23 ----DC---- C:\WINDOWS\system32\Lang
2009-01-11 00:58:56 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-10 22:42:00 ----DC---- C:\WINDOWS\system32\config
2009-01-09 20:01:04 ----DC---- C:\Program Files\Common Files\Symantec Shared
2009-01-09 15:11:24 ----DC---- C:\WINDOWS
2009-01-09 15:01:26 ----DC---- C:\WINDOWS\system32\drivers
2009-01-08 19:58:11 ----DC---- C:\WINDOWS\system32\CatRoot2
2009-01-05 16:12:53 ----SHC---- C:\boot.ini
2009-01-05 16:12:53 ----AC---- C:\WINDOWS\win.ini
2009-01-05 16:12:53 ----AC---- C:\WINDOWS\system.ini
2009-01-05 16:12:44 ----DC---- C:\WINDOWS\pss
2009-01-04 15:57:39 ----DC---- C:\WINDOWS\system32\wbem
2009-01-04 15:57:35 ----DC---- C:\WINDOWS\Registration
2009-01-04 15:48:34 ----DC---- C:\Documents and Settings
2008-12-30 14:50:37 ----DC---- C:\Program Files\Diablo II
2008-12-29 14:16:24 ----SDC---- C:\WINDOWS\Downloaded Program Files
2008-12-29 14:16:24 ----DC---- C:\WINDOWS\system32
2008-12-29 14:16:22 ----HDC---- C:\Program Files\InstallShield Installation Information
2008-12-29 12:05:09 ----AC---- C:\WINDOWS\NeroDigital.ini
2008-12-29 11:59:04 ----DC---- C:\Documents and Settings\Owner\Application Data\uTorrent
2008-12-28 16:09:48 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-28 15:24:21 ----HDC---- C:\Documents and Settings\Owner\Application Data\ijjigame
2008-12-28 14:47:51 ----DC---- C:\Program Files\Steam
2008-12-27 21:59:40 ----DC---- C:\Documents and Settings\Owner\Application Data\LimeWire
2008-12-27 00:31:14 ----DC---- C:\WINDOWS\system32\DirectX
2008-12-27 00:31:12 ----HDC---- C:\WINDOWS\inf
2008-12-27 00:30:51 ----RSDC---- C:\WINDOWS\assembly
2008-12-26 21:02:10 ----SDC---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-26 21:01:24 ----DC---- C:\WINDOWS\system32\LogFiles
2008-12-26 20:58:06 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-26 20:55:49 ----AC---- C:\WINDOWS\imsins.BAK
2008-12-26 20:02:23 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-12-26 18:54:19 ----DC---- C:\WINDOWS\WinSxS
2008-12-26 18:54:15 ----RSDC---- C:\WINDOWS\Fonts
2008-12-26 18:47:54 ----DC---- C:\Program Files\Common Files
2008-12-24 12:45:50 ----DC---- C:\TEMP
2008-12-20 16:03:52 ----DC---- C:\WINDOWS\system32\CatRoot
2008-12-18 00:57:26 ----HDC---- C:\WINDOWS\$hf_mig$
2008-12-13 01:26:56 ----AC---- C:\WINDOWS\system32\mshtml.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 FsVga;FsVga; C:\WINDOWS\system32\DRIVERS\fsvga.sys [2007-12-31 12160]
R1 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2009-01-09 85969]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys []
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys []
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2007-02-12 196752]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R2 DgiVecp;DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys []
R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2007-12-31 62336]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-03-29 2873856]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2007-12-31 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-09-23 3966976]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090109.003\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090109.003\navex15.sys []
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2005-08-24 74752]
R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2007-02-12 12944]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2007-02-12 110736]
R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2007-02-12 31888]
R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\SCFIDS~1\20090102.001\symidsco.sys []
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2007-02-12 28304]
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2007-02-12 24720]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S1 DW;DW; C:\WINDOWS\system32\drivers\DW.sys []
S2 SSPORT;SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys []
S3 dwusbdnt;dwusbdnt; C:\WINDOWS\system32\DRIVERS\dwusbdnt.sys [2002-05-24 10368]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2007-12-31 12160]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-09-15 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-09-15 22016]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-09-15 8064]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-09-15 8064]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WLAN(WLAN);XPC 802.11b/g Wireless Kit Driver(WLAN); C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2005-08-16 278016]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S3 XDva090;XDva090; \??\C:\WINDOWS\system32\XDva090.sys []
S3 XDva136;XDva136; \??\C:\WINDOWS\system32\XDva136.sys []
S3 XDva164;XDva164; \??\C:\WINDOWS\system32\XDva164.sys []
S3 ZD1211U(ZyDAS);ZyDAS ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyDAS); C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2005-08-16 278016]
S3 ZDPNDIS5;ZDPNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\ZDPNDIS5.SYS []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-03-28 536576]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2006-11-21 192104]
R2 ccProxy;Symantec Network Proxy; C:\Program Files\Common Files\Symantec Shared\ccProxy.exe [2006-11-21 202344]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2006-11-21 169576]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe [2007-03-14 31424]
R2 ISSVC;IS Service; C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe [2007-03-05 87680]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-08-07 167936]
R2 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2007-02-12 214672]
R2 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2007-01-10 1160792]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe [2007-03-14 1816768]
R2 SymSecurePort;Symantec SecurePort; C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe [2007-03-05 173696]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-03-28 593920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-23 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-23 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-09-27 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-22 138168]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-09-02 2528960]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-23 68464]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-08 271920]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-23 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SavRoam;SAVRoam; C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe [2007-03-14 116416]
S3 ServiceLayer;ServiceLayer; C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe [2007-06-15 300544]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

Shaba
2009-01-11, 19:52
Go to Start > Run
Type regedit and click OK.

On the left side, click to highlight My Computer at the top.
Go up to "File > Export"
Make sure in that window there is a tick next to "All" under Export Branch.
Leave the "Save As Type" as "Registration Files".
Under "Filename" put backup
Choose to save it to C:\ or to some other safe location so that you will remember where you put it (don't put it on the Desktop!)
Click Save and then go to File > Exit.

Please download the OTMoveIt3 by OldTimer (http://oldtimer.geekstogo.com/OTMoveIt3.exe).

Save it to your desktop.
Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):



:files
C:\Documents and Settings\Owner\Application Data\uTorrent
C:\Documents and Settings\Owner\Application Data\LimeWire
C:\Program Files\uTorrent
C:\Program Files\LimeWire

:reg
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\uTorrent\uTorrent.exe"=-
"C:\Program Files\LimeWire\LimeWire.exe"=-
:commands
[EmptyTemp]
[reboot]


Return to OTMoveIt3, right click in the "Paste List of Files/Folders to Move" window (under the yellow bar) and choose Paste.

Click the red Moveit! button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Re-run rsit.

Post:

- a fresh rsit log
- otmoveit3 log
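
Added example, not part of the original post and not code from OTMoveIt3 or RSIT: a Python check that the firewall exceptions targeted by a `:reg` block like the one above are gone from a follow-up log, and which remaining exceptions are still enabled for any source address. The `BEFORE` and `AFTER` excerpts are constructed in the shape of the RSIT log on this page, and the function names are hypothetical.

```python
import re

# Registry key (lower-cased suffix) holding the XP firewall exception list.
KEY_SUFFIX = r"standardprofile\authorizedapplications\list"

# Value layout: <image path>:<scope>:<Enabled|Disabled>:<display name>
# The path itself contains a colon (C:\...), so the state field is the anchor.
EXCEPTION_RE = re.compile(
    r"^(?P<path>.+?):(?P<scope>[^:]*):(?P<state>enabled|disabled):(?P<name>.*)$",
    re.IGNORECASE,
)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')

# Constructed excerpts (assumption: same layout as the RSIT log on this page).
BEFORE = r'''
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:uTorrent"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire 4.18.8"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox"
'''

AFTER = r'''
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox"
'''

# The :reg part of the script posted above ("name"=- deletes a value).
SCRIPT = r'''
:reg
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\uTorrent\uTorrent.exe"=-
"C:\Program Files\LimeWire\LimeWire.exe"=-
:commands
[EmptyTemp]
[reboot]
'''


def parse_sections(text):
    """Map each [registry key] header (lower-cased) to {value name: data}."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[HKEY_") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := VALUE_RE.match(line)):
            current[m["name"].lower()] = m["data"].strip('"')
        elif not line or line.startswith(":"):
            current = None  # blank line or new script section ends the key
    return sections


def parse_exception(data):
    """Split one exception value into its four fields, or None if malformed."""
    m = EXCEPTION_RE.match(data)
    if not m:
        return None
    return {"path": m["path"], "scope": m["scope"],
            "enabled": m["state"].lower() == "enabled",
            "name": m["name"].strip()}


def firewall_exceptions(log_text):
    """Standard-profile exceptions, keyed by lower-cased value name."""
    found = {}
    for key, values in parse_sections(log_text).items():
        if key.endswith(KEY_SUFFIX):
            for name, data in values.items():
                exc = parse_exception(data)
                if exc:
                    found[name] = exc
    return found


def deletions(script):
    """Value names the script marks for deletion under the exception list."""
    return [name for key, values in parse_sections(script).items()
            if key.endswith(KEY_SUFFIX)
            for name, data in values.items() if data == "-"]


def verify(before_log, after_log, script):
    """Compare two logs against the script's deletion targets."""
    before = firewall_exceptions(before_log)
    after = firewall_exceptions(after_log)
    targets = deletions(script)
    return {
        "removed": sorted(t for t in targets if t in before and t not in after),
        "still_present": sorted(t for t in targets if t in after),
        "open_to_any": sorted(e["name"] for e in after.values()
                              if e["enabled"] and e["scope"] == "*"),
    }


if __name__ == "__main__":
    for field, items in verify(BEFORE, AFTER, SCRIPT).items():
        print(field, items)
```
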

tankmon354
2009-01-11, 22:05
okay here's the results of the otmoveit

========== FILES ==========
C:\Documents and Settings\Owner\Application Data\uTorrent moved successfully.
C:\Documents and Settings\Owner\Application Data\LimeWire\xml\data moved successfully.
C:\Documents and Settings\Owner\Application Data\LimeWire\xml moved successfully.
C:\Documents and Settings\Owner\Application Data\LimeWire\themes\windows_theme moved successfully.
C:\Documents and Settings\Owner\Application Data\LimeWire\themes moved successfully.
C:\Documents and Settings\Owner\Application Data\LimeWire\promotion moved successfully.
C:\Documents and Settings\Owner\Application Data\LimeWire\certificate moved successfully.
C:\Documents and Settings\Owner\Application Data\LimeWire\.AppSpecialShare moved successfully.
C:\Documents and Settings\Owner\Application Data\LimeWire moved successfully.
C:\Program Files\uTorrent moved successfully.
File/Folder C:\Program Files\LimeWire not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\uTorrent\uTorrent.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\LimeWire\LimeWire.exe deleted successfully.
========== COMMANDS ==========

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01112009_150340





(2nd & 3rd post the new rsit log)

tankmon354
2009-01-11, 22:19
aaa here's the new rsit log (but only the log.txt, there wasn't any info.txt)

Logfile of random's system information tool 1.05 (written by random/random)
Run by Owner at 2009-01-11 15:07:23
Microsoft Windows XP Professional Service Pack 3
System drive C: has 126 GB (53%) free of 238 GB
Total RAM: 766 MB (12% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:14:53, on 2009-1-11
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20935)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Corel\Graphics8\Programs\MFIndexer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\Office12\MSPUB.EXE
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe
O4 - Global Startup: Nokia Nseries PC Suite.lnk = C:\Program Files\Nokia\NNPCS\RunLauncher.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

--
End of file - 10345 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 37808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-10-29 308832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-23 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2008-04-22 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-28 737776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2008-04-22 2403392]
{0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - Veoh Web Player Video Finder - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll [2008-12-16 429816]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2007-12-31 208952]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-09-22 14854144]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-11-21 52840]
"vptray"=C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe [2007-03-14 125632]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2006-11-23 56928]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-12-05 54832]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-10-29 185872]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"StormCodec_Helper"=C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe [2006-11-26 97357]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-09-29 155648]
"Samsung PanelMgr"=C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe [2007-12-14 524288]
"OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [2006-03-21 69632]
"NokiaMServer"=C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles []
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11 81920]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe -startup []
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-23 33648]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-07-02 68856]
"VeohPlugin"=C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [2008-12-16 3528440]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Corel MEDIA FOLDERS INDEXER 8.LNK - C:\Corel\Graphics8\Programs\MFIndexer.exe
Nokia Nseries PC Suite.lnk - C:\Program Files\Nokia\NNPCS\RunLauncher.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-03-28 126976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2007-03-14 43712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2007-12-31 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-23 2212224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Steam\steamapps\tankmon354\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\tankmon354\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox"
"C:\Program Files\MindArk\Entropia Universe\ClientLoader.exe"="C:\Program Files\MindArk\Entropia Universe\ClientLoader.exe:*:Enabled:Entropia Universe"
"C:\Program Files\EA GAMES\Need for Speed Most Wanted\speed.exe"="C:\Program Files\EA GAMES\Need for Speed Most Wanted\speed.exe:*:Enabled:speed"
"C:\TournamentDemo\System\UnrealTournament.exe"="C:\TournamentDemo\System\UnrealTournament.exe:*:Enabled:UnrealTournament"
"C:\Program Files\alaplaya\S4League\S4Client.exe"="C:\Program Files\alaplaya\S4League\S4Client.exe:*:Enabled:Project S4 Client.exe"
"C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:*:Enabled:Pinnacle VideoSpin"
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\Program Files\Nokia\Software Updater\nsu_ui_client.exe"="C:\Program Files\Nokia\Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\ijji\ENGLISH\u_gunz.exe"="C:\ijji\ENGLISH\u_gunz.exe:*:Enabled:<ijji Downloader>"
"C:\ijji\ENGLISH\Gunz\GunzLauncher.exe"="C:\ijji\ENGLISH\Gunz\GunzLauncher.exe:*:Enabled:Gunz"
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"="C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player "
"C:\Program Files\SMART Ideas 5\bin\Ideas.exe"="C:\Program Files\SMART Ideas 5\bin\Ideas.exe:*:Enabled:SMART Ideas"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{106f537c-30c4-11dd-a0ad-0019d12bb6d5}]
shell\Auto\command - kav6.0.1.411en
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL kav6.0.1.411en

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{84eacead-90fa-11dd-a163-0019d12bb6d5}]
shell\Auto\command - auto.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe


======File associations======

.reg - open - "regedit.exe" "%1"

======List of files/folders created in the last 1 months======

2009-01-11 15:03:40 ----DC---- C:\_OTMoveIt
2009-01-11 14:30:46 ----DC---- C:\Documents and Settings\Owner\Application Data\SMART Technologies Inc
2009-01-11 10:33:44 ----DC---- C:\Documents and Settings\All Users\Application Data\SMART Technologies Inc
2009-01-11 10:33:32 ----DC---- C:\Program Files\SMART Ideas 5
2009-01-10 11:36:18 ----DC---- C:\rsit
2009-01-09 23:34:39 ----DC---- C:\Program Files\Veoh Networks
2009-01-09 15:01:53 ----AC---- C:\WINDOWS\gmer.ini
2009-01-09 15:01:26 ----AC---- C:\WINDOWS\gmer_uninstall.cmd
2009-01-09 15:01:25 ----AC---- C:\WINDOWS\gmer.dll
2009-01-09 15:01:19 ----AC---- C:\WINDOWS\gmer.exe
2009-01-09 07:29:48 ----AC---- C:\gmer.exe
2009-01-05 16:27:15 ----DC---- C:\Program Files\Trend Micro
2009-01-04 18:28:51 ----DC---- C:\Program Files\Spybot - Search & Destroy
2009-01-04 18:28:51 ----DC---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-29 14:16:24 ----DC---- C:\Program Files\NHN USA
2008-12-29 14:16:24 ----AC---- C:\WINDOWS\system32\PubPlugin.dll
2008-12-29 14:16:24 ----AC---- C:\WINDOWS\system32\ijjiSetup.exe
2008-12-29 14:16:24 ----AC---- C:\WINDOWS\system32\ijjiPlugin2.dll
2008-12-28 15:32:50 ----AC---- C:\WINDOWS\GunzLauncher.INI
2008-12-28 15:12:56 ----DC---- C:\ijji
2008-12-28 15:11:15 ----DC---- C:\Documents and Settings\All Users\Application Data\IJJIGame
2008-12-27 00:31:12 ----AC---- C:\WINDOWS\system32\d3dx10_40.dll
2008-12-27 00:31:12 ----AC---- C:\WINDOWS\system32\D3DCompiler_40.dll
2008-12-27 00:31:11 ----AC---- C:\WINDOWS\system32\XAudio2_3.dll
2008-12-27 00:31:11 ----AC---- C:\WINDOWS\system32\XAPOFX1_2.dll
2008-12-27 00:31:11 ----AC---- C:\WINDOWS\system32\D3DX9_40.dll
2008-12-27 00:31:10 ----AC---- C:\WINDOWS\system32\xactengine3_3.dll
2008-12-27 00:31:09 ----AC---- C:\WINDOWS\system32\XAudio2_2.dll
2008-12-27 00:31:09 ----AC---- C:\WINDOWS\system32\XAPOFX1_1.dll
2008-12-27 00:31:09 ----AC---- C:\WINDOWS\system32\X3DAudio1_5.dll
2008-12-27 00:31:08 ----AC---- C:\WINDOWS\system32\xactengine3_2.dll
2008-12-27 00:31:07 ----AC---- C:\WINDOWS\system32\d3dx10_39.dll
2008-12-27 00:31:07 ----AC---- C:\WINDOWS\system32\D3DCompiler_39.dll
2008-12-27 00:31:06 ----AC---- C:\WINDOWS\system32\D3DX9_39.dll
2008-12-27 00:31:05 ----AC---- C:\WINDOWS\system32\XAudio2_1.dll
2008-12-27 00:31:05 ----AC---- C:\WINDOWS\system32\XAPOFX1_0.dll
2008-12-27 00:31:04 ----AC---- C:\WINDOWS\system32\xactengine3_1.dll
2008-12-27 00:31:04 ----AC---- C:\WINDOWS\system32\X3DAudio1_4.dll
2008-12-27 00:31:03 ----AC---- C:\WINDOWS\system32\D3DX9_38.dll
2008-12-27 00:31:03 ----AC---- C:\WINDOWS\system32\d3dx10_38.dll
2008-12-27 00:31:03 ----AC---- C:\WINDOWS\system32\D3DCompiler_38.dll
2008-12-27 00:31:02 ----AC---- C:\WINDOWS\system32\XAudio2_0.dll
2008-12-27 00:31:01 ----AC---- C:\WINDOWS\system32\xactengine3_0.dll
2008-12-27 00:31:01 ----AC---- C:\WINDOWS\system32\X3DAudio1_3.dll
2008-12-27 00:31:00 ----AC---- C:\WINDOWS\system32\d3dx10_37.dll
2008-12-27 00:31:00 ----AC---- C:\WINDOWS\system32\D3DCompiler_37.dll
2008-12-27 00:30:59 ----AC---- C:\WINDOWS\system32\D3DX9_37.dll
2008-12-27 00:30:58 ----AC---- C:\WINDOWS\system32\d3dx10_36.dll
2008-12-27 00:30:58 ----AC---- C:\WINDOWS\system32\D3DCompiler_36.dll
2008-12-27 00:30:55 ----AC---- C:\WINDOWS\system32\d3dx10_35.dll
2008-12-27 00:30:55 ----AC---- C:\WINDOWS\system32\D3DCompiler_35.dll
2008-12-27 00:30:54 ----AC---- C:\WINDOWS\system32\d3dx10_34.dll
2008-12-27 00:30:54 ----AC---- C:\WINDOWS\system32\D3DCompiler_34.dll
2008-12-27 00:30:52 ----AC---- C:\WINDOWS\system32\d3dx10_33.dll
2008-12-27 00:30:52 ----AC---- C:\WINDOWS\system32\D3DCompiler_33.dll
2008-12-27 00:25:58 ----HDC---- C:\WINDOWS\msdownld.tmp
2008-12-27 00:25:45 ----DC---- C:\WINDOWS\Logs
2008-12-26 21:00:47 ----HDC---- C:\WINDOWS\$NtUninstallWudf01005$
2008-12-26 20:50:09 ----C---- C:\WINDOWS\system32\spmsgXP_2k3.dll
2008-12-26 20:49:53 ----HDC---- C:\WINDOWS\$NtUninstallWdf01007$
2008-12-26 20:49:43 ----DC---- C:\f58ac1e88cc32bd2a8a2556445c8
2008-12-26 20:24:23 ----DC---- C:\Documents and Settings\Owner\Application Data\NSeries
2008-12-26 20:02:19 ----AC---- C:\WINDOWS\system32\wdfcoinstaller01007.dll
2008-12-26 20:02:19 ----AC---- C:\WINDOWS\system32\nmwcdcocls.dll
2008-12-26 18:57:04 ----DC---- C:\Documents and Settings\All Users\Application Data\Nokia
2008-12-26 18:53:42 ----DC---- C:\Documents and Settings\All Users\Application Data\Installations
2008-12-26 18:47:54 ----DC---- C:\Program Files\Common Files\muvee Technologies
2008-12-26 18:45:29 ----DC---- C:\Documents and Settings\Owner\Application Data\Nokia
2008-12-26 18:45:25 ----DC---- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-12-26 18:44:32 ----DC---- C:\WINDOWS\Globalization
2008-12-26 18:43:48 ----DC---- C:\Program Files\Common Files\Nokia
2008-12-26 18:43:13 ----DC---- C:\WINDOWS\Downloaded Installations
2008-12-26 18:41:35 ----DC---- C:\Program Files\Common Files\PCSuite
2008-12-26 18:36:09 ----DC---- C:\Program Files\DIFX
2008-12-26 18:35:56 ----DC---- C:\Documents and Settings\Owner\Application Data\PC Suite
2008-12-26 18:34:38 ----AC---- C:\WINDOWS\system32\nmwcdcls.dll
2008-12-26 18:34:37 ----DC---- C:\Program Files\Nokia
2008-12-24 13:50:01 ----DC---- C:\Program Files\Guitar Pro 5
2008-12-22 23:26:47 ----DC---- C:\Program Files\GALA-NET
2008-12-20 11:32:27 ----DC---- C:\WINDOWS\system32\NtmsData
2008-12-20 01:38:46 ----ADC---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-19 18:30:00 ----AC---- C:\WINDOWS\system32\frapsvid.dll

======List of files/folders modified in the last 1 months======

2009-01-11 15:06:56 ----DC---- C:\WINDOWS\Temp
2009-01-11 15:03:45 ----RDC---- C:\Program Files
2009-01-11 13:00:26 ----DC---- C:\WINDOWS\system32\config
2009-01-11 12:09:26 ----DC---- C:\WINDOWS\Prefetch
2009-01-11 10:41:58 ----SHDC---- C:\WINDOWS\Installer
2009-01-11 09:55:11 ----DC---- C:\Program Files\Mozilla Firefox
2009-01-11 09:33:23 ----DC---- C:\WINDOWS\system32\Lang
2009-01-11 00:58:56 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-09 20:01:04 ----DC---- C:\Program Files\Common Files\Symantec Shared
2009-01-09 15:11:24 ----DC---- C:\WINDOWS
2009-01-09 15:01:26 ----DC---- C:\WINDOWS\system32\drivers
2009-01-08 19:58:11 ----DC---- C:\WINDOWS\system32\CatRoot2
2009-01-05 16:12:53 ----SHC---- C:\boot.ini
2009-01-05 16:12:53 ----AC---- C:\WINDOWS\win.ini
2009-01-05 16:12:53 ----AC---- C:\WINDOWS\system.ini
2009-01-05 16:12:44 ----DC---- C:\WINDOWS\pss
2009-01-04 15:57:39 ----DC---- C:\WINDOWS\system32\wbem
2009-01-04 15:57:35 ----DC---- C:\WINDOWS\Registration
2009-01-04 15:48:34 ----DC---- C:\Documents and Settings
2008-12-30 14:50:37 ----DC---- C:\Program Files\Diablo II
2008-12-29 14:16:24 ----SDC---- C:\WINDOWS\Downloaded Program Files
2008-12-29 14:16:24 ----DC---- C:\WINDOWS\system32
2008-12-29 14:16:22 ----HDC---- C:\Program Files\InstallShield Installation Information
2008-12-29 12:05:09 ----AC---- C:\WINDOWS\NeroDigital.ini
2008-12-28 16:09:48 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-28 15:24:21 ----HDC---- C:\Documents and Settings\Owner\Application Data\ijjigame
2008-12-28 14:47:51 ----DC---- C:\Program Files\Steam
2008-12-27 00:31:14 ----DC---- C:\WINDOWS\system32\DirectX
2008-12-27 00:31:12 ----HDC---- C:\WINDOWS\inf
2008-12-27 00:30:51 ----RSDC---- C:\WINDOWS\assembly
2008-12-26 21:02:10 ----SDC---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-26 21:01:24 ----DC---- C:\WINDOWS\system32\LogFiles
2008-12-26 20:58:06 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-26 20:55:49 ----AC---- C:\WINDOWS\imsins.BAK
2008-12-26 20:02:23 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-12-26 18:54:19 ----DC---- C:\WINDOWS\WinSxS
2008-12-26 18:54:15 ----RSDC---- C:\WINDOWS\Fonts
2008-12-26 18:47:54 ----DC---- C:\Program Files\Common Files
2008-12-24 12:45:50 ----DC---- C:\TEMP
2008-12-20 16:03:52 ----DC---- C:\WINDOWS\system32\CatRoot
2008-12-18 00:57:26 ----HDC---- C:\WINDOWS\$hf_mig$
2008-12-13 01:26:56 ----AC---- C:\WINDOWS\system32\mshtml.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 FsVga;FsVga; C:\WINDOWS\system32\DRIVERS\fsvga.sys [2007-12-31 12160]
R1 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2009-01-09 85969]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys []
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys []
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2007-02-12 196752]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R2 DgiVecp;DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys []
R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2007-12-31 62336]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-03-29 2873856]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2007-12-31 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-09-23 3966976]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090109.003\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090109.003\navex15.sys []
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2005-08-24 74752]
R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2007-02-12 12944]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2007-02-12 110736]
R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2007-02-12 31888]
R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\SCFIDS~1\20090102.001\symidsco.sys []
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2007-02-12 28304]
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2007-02-12 24720]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S1 DW;DW; C:\WINDOWS\system32\drivers\DW.sys []
S2 SSPORT;SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys []
S3 dwusbdnt;dwusbdnt; C:\WINDOWS\system32\DRIVERS\dwusbdnt.sys [2002-05-24 10368]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2007-12-31 12160]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-09-15 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-09-15 22016]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-09-15 8064]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-09-15 8064]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WLAN(WLAN);XPC 802.11b/g Wireless Kit Driver(WLAN); C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2005-08-16 278016]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S3 XDva090;XDva090; \??\C:\WINDOWS\system32\XDva090.sys []
S3 XDva136;XDva136; \??\C:\WINDOWS\system32\XDva136.sys []
S3 XDva164;XDva164; \??\C:\WINDOWS\system32\XDva164.sys []
S3 ZD1211U(ZyDAS);ZyDAS ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyDAS); C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2005-08-16 278016]
S3 ZDPNDIS5;ZDPNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\ZDPNDIS5.SYS []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-03-28 536576]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2006-11-21 192104]
R2 ccProxy;Symantec Network Proxy; C:\Program Files\Common Files\Symantec Shared\ccProxy.exe [2006-11-21 202344]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2006-11-21 169576]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe [2007-03-14 31424]
R2 ISSVC;IS Service; C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe [2007-03-05 87680]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2005-08-07 167936]
R2 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2007-02-12 214672]
R2 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2007-01-10 1160792]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe [2007-03-14 1816768]
R2 SymSecurePort;Symantec SecurePort; C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe [2007-03-05 173696]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-03-28 593920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-23 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-23 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-09-27 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-22 138168]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-09-02 2528960]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-23 68464]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-08 271920]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-23 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SavRoam;SAVRoam; C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe [2007-03-14 116416]
S3 ServiceLayer;ServiceLayer; C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe [2007-06-15 300544]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

Shaba
2009-01-12, 12:07
Please go to the Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Read through the requirements and privacy statement and click on the Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: "Spyware, Adware, Dialers, and other potentially dangerous programs" and "Archives".
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply along with a fresh HijackThis log.

If you need a tutorial, see here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif)

tankmon354
2009-01-13, 01:10
It doesn't seem to work for me. Every time I go on to the scanner site, I'm stuck at the beginning, or I freeze. It just stays at "Please wait while Kaspersky Online Scanner 7.0 checks your computer configuration"

Shaba
2009-01-13, 15:28
Then we use this instead:

Please go to Eset website (http://www.eset.com/onlinescan/) to perform an online scan. Please use Internet Explorer as it uses ActiveX.

Check (tick) this box: YES, I accept the Terms of Use.
Click on the Start button next to it.
When prompted to run ActiveX, click Yes.
You will be asked to install an ActiveX. Click Install.
Once installed, the scanner will be initialized.
After the scanner is initialized, click Start.
Uncheck (untick) Remove found threats box.
Check (tick) Scan unwanted applications.
Click on Scan.
It will start scanning. Please be patient.
Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt. Please post this log in your next reply.

tankmon354
2009-01-15, 13:25
Okay, after 3 days scanning it's done, here's the log:

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3762 (20090113)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=9717130069a8764bada27e9049dadb16
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2009-01-15 05:38:08
# local_time=2009-01-15 12:38:08 (-0500, Eastern Standard Time)
# country="People's Republic of China"
# osver=5.1.2600 NT Service Pack 3
# scanned=341593
# found=0
# scan_time=29934

Shaba
2009-01-15, 13:42
That looks good :)

Still problems?

tankmon354
2009-01-15, 22:53
Yeah. It's still the same problem... I rebooted it and it still loads so slow, and so do my programs.

Everything in the beginning is fine, then once it shows the welcome/login page, it starts going very slow.

Shaba
2009-01-16, 12:34
For general slowness, see here (http://www.malwareremoval.com/tutorials/runningslowly.php) and post back if it helped :)

tankmon354
2009-01-17, 21:29
It didn't really help; the slowness is still around the same length, but maybe a bit better than before.

Here's the link description that I accidentally clicked through MSN (sorry if I'm not allowed to post this, but I think it might be a clue on what happened)

Do not be a sucker to your mobile phone company anymore, me and the guys have been getting all our ringtones now from this new place that does not charge you per song, so you can grab as many as you like, directly into your phone in seconds.

Shaba
2009-01-17, 21:48
If slowness is still present, then it is better to redirect you to some Windows forum, if that is OK.

As for your link, I will edit it out because it looks fishy.

tankmon354
2009-01-17, 22:22
aaa, yes please! Thank you for helping me still :)

Shaba
2009-01-17, 22:26
I recommend this (http://forums.pcpitstop.com/index.php?) place.

Still malware issues left?

tankmon354
2009-01-17, 22:59
No, thank you for the recommendation, but do I have to register an account to get help? And I don't really understand which category of help in the forums I'm supposed to be in.

Shaba
2009-01-18, 11:53
Yes, you will need to create an account.

Networking, Email, and Internet Connections might be the best subforum there.

Shaba
2009-01-20, 15:43
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.