Latest posts of: etc123
My PC Hell Forum
16  Windows XP Assistance / Security-Virus/Spyware / Re: my log on: February 25, 2008, 09:56:13 PM
Logfile of HijackThis v1.99.1
Scan saved at 16:32:23, on 25/02/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\sttray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\VMSnap23.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\BBDesktopHelpUpgradeAdvisor\McciTrayApp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\BT Broadband Talk Softphone\BTAgile.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\ProgramData\U3\U3Launcher\LaunchU3.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Xfire\xfire.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\notepad.exe
C:\Windows\System32\rundll32.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Users\Derek\AppData\Local\Temp\Rar$EX00.539\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.astalavista.ms/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [BigDogPath323VMSnap] C:\Windows\VMSnap23.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [BTHelena_McciTrayApp] C:\Program Files\BBDesktopHelpUpgradeAdvisor\McciTrayApp.exe
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Corel\Corel MediaOne\Corel Photo Downloader.exe" -startup
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [BTAgile] C:\Program Files\BT Broadband Talk Softphone\BTAgile.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: LaunchU3.exe.lnk = ?
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP Premium\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP Premium\dapextie2.htm
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\Windows\system32\klogon.dll
O23 - Service: Adobe Version Cue CS3 - Unknown owner - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" -win32service (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: BT Auto Backup Service (VaultClientSRV) - Unknown owner - C:\Program Files\BT Auto Backup\VaultClientSRV.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
17  Windows XP Assistance / Security-Virus/Spyware / Re: my log on: February 25, 2008, 09:55:16 PM
"UDP Query User{84CAE348-C3A8-4058-A4B7-2E3656FE6107}C:\program files\emule\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule|Desc=eMule
"{FB07D782-5F3D-4D13-ADDF-3DDCCBFF2EDC}"= UDP:3703:Adobe Version Cue CS3 Server
"{ABE45AC8-32AC-453A-9825-DCFC78A6C24D}"= UDP:3704:Adobe Version Cue CS3 Server
"{F5D6F724-7526-42B9-8EFC-9ADF621E9CB2}"= UDP:50900:Adobe Version Cue CS3 Server
"{E3EDA537-F5AB-4B91-940A-1A20338DCE84}"= UDP:50901:Adobe Version Cue CS3 Server
"{8430F93C-06AF-432D-B822-90D6C716BFAF}"= UDP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"{0B7314A2-2222-4469-B428-8407BE90F094}"= TCP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
"TCP Query User{53176D24-4B68-45B4-B647-1C442DEA7C9B}C:\program files\mozilla firefox\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox|Desc=Firefox
"UDP Query User{274FAA9A-911E-4EC2-9CD6-EE6BDEED6A5D}C:\program files\mozilla firefox\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox|Desc=Firefox
"TCP Query User{A997B40A-A692-47A5-B87B-D8C5EFB8EFEF}C:\program files\xi\netxfer\nettransport.exe"= UDP:C:\program files\xi\netxfer\nettransport.exe:NetXfer Download Manager|Desc=NetXfer Download Manager
"UDP Query User{4F957970-18D3-4821-A79A-0FD8DA103A06}C:\program files\xi\netxfer\nettransport.exe"= TCP:C:\program files\xi\netxfer\nettransport.exe:NetXfer Download Manager|Desc=NetXfer Download Manager
"TCP Query User{8BA2BAFE-5792-4112-9716-750D0EA2DFB3}C:\program files\mhtc\silkerrsender.exe"= UDP:C:\program files\mhtc\silkerrsender.exe:FTPSender MFC ?? ????|Desc=FTPSender MFC ?? ????
"UDP Query User{EDA7827B-12CC-4349-9B55-A9AC197B7D1E}C:\program files\mhtc\silkerrsender.exe"= TCP:C:\program files\mhtc\silkerrsender.exe:FTPSender MFC ?? ????|Desc=FTPSender MFC ?? ????
"TCP Query User{E5F57BAD-CA49-4470-97C1-73AF55A9833A}C:\program files\oovoo\oovoo.exe"= UDP:C:\program files\oovoo\oovoo.exe:ooVoo|Desc=ooVoo
"UDP Query User{150A4CBC-0B97-49DB-B9E6-1B92541BF737}C:\program files\oovoo\oovoo.exe"= TCP:C:\program files\oovoo\oovoo.exe:ooVoo|Desc=ooVoo
"{EB503B6F-2DBC-4290-A0D8-CBD8B56E978D}"= Disabled:UDP:37676:ooVoo TCP port 37676
"{B781C067-338F-48DC-BA42-B606A043531C}"= Disabled:TCP:37676:ooVoo UDP port 37676
"{4A16CE57-73E6-4D7F-88DA-3612772EBF0B}"= Disabled:TCP:37677:ooVoo UDP port 37677
"TCP Query User{3B09FD13-CEE9-4FEC-BB8A-520B345B882E}C:\program files\oovoo\oovoo.exe"= UDP:C:\program files\oovoo\oovoo.exe:ooVoo|Desc=ooVoo
"UDP Query User{D989899C-553A-4461-8A26-87E913F14609}C:\program files\oovoo\oovoo.exe"= TCP:C:\program files\oovoo\oovoo.exe:ooVoo|Desc=ooVoo
"TCP Query User{52BA4DF3-240C-4BD8-99B1-F04416E8A29C}C:\program files\skype\phone\skype.exe"= Disabled:UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath |Desc=Skype. Take a deep breath
"UDP Query User{35D61FC3-C7BD-4385-8D92-38F1C794A2D8}C:\program files\skype\phone\skype.exe"= Disabled:TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath |Desc=Skype. Take a deep breath
"{5D02C937-D4BC-4A81-BB0F-8F8749D6A941}"= UDP:443:ooVoo TCP port 443
"{4E998FD7-622D-40C9-919F-C5D23A8CD6B6}"= TCP:443:ooVoo UDP port 443
"{82D4AC18-A8DE-4AA2-9DCF-BED615384B71}"= UDP:37674:ooVoo TCP port 37674
"{A537E137-ECBC-4F36-8AA8-2C44F3B0796D}"= TCP:37674:ooVoo UDP port 37674
"{81D438E4-EC9C-40AF-8732-8ED240E56D33}"= TCP:37675:ooVoo UDP port 37675
"{C0C52CEA-88A6-4711-9F38-447EE1FE3B5A}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{642250E4-0792-4FB6-921A-DFBC76E37481}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"TCP Query User{39DC8FE4-E60C-460C-AB38-D8A1E75A4BEC}C:\program files\skype\phone\skype.exe"= Disabled:UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath |Desc=Skype. Take a deep breath
"UDP Query User{C64FC9E4-323A-4E1E-8164-DE8D542D0C5C}C:\program files\skype\phone\skype.exe"= Disabled:TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath |Desc=Skype. Take a deep breath

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-04-04 13:59]
R2 DUMeterSvc;DU Meter Service;C:\Program Files\DU Meter\DUMeterSvc.exe [2007-10-15 15:19]
R2 UxTuneUp;TuneUp Theme Extension;C:\Windows\System32\svchost.exe [2006-11-02 09:45]
R2 VaultClientSRV;BT Auto Backup Service;C:\Program Files\BT Auto Backup\VaultClientSRV.exe [2007-07-04 21:01]
R3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-02-16 07:22]
R3 vmfilter323;323 filter service, Normal;C:\Windows\system32\drivers\vmfilter323.sys [2006-08-08 11:25]
R3 ZSMC326;Vimicro USB2.0 PC Camera(VC0323);C:\Windows\system32\Drivers\usbvm323.sys [2006-08-21 16:40]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 13:54]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s115mdm.sys [2007-04-23 13:54]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 13:54]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\s115obex.sys [2007-04-23 13:54]
S3 SMALUSB;Digital Camera Driver;C:\Windows\system32\DRIVERS\smalfuji.sys [2002-05-31 12:24]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\T]
\shell\AutoRun\command - T:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{017461c3-6e59-11dc-9ce4-0019d122c213}]
\shell\AutoRun\command - L:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{017461c6-6e59-11dc-9ce4-0019d122c213}]
\shell\AutoRun\command - S:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4fd954e6-fa33-11db-bd0b-0019d122c213}]
\shell\AutoRun\command - L:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{746708f6-6790-11dc-ac9c-0019d122c213}]
\shell\AutoRun\command - M:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{746708fd-6790-11dc-ac9c-0019d122c213}]
\shell\AutoRun\command - T:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{746708ff-6790-11dc-ac9c-0019d122c213}]
\shell\AutoRun\command - U:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-02-24 17:19:10 C:\Windows\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-02-25 12:40:10 C:\Windows\Tasks\User_Feed_Synchronization-{78B6C022-1A60-4780-B8CD-3F5212EE8ACE}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-25 16:19:18
Windows 6.0.6000  NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-25 16:20:52
ComboFix-quarantined-files.txt  2008-02-25 16:20:49
18  Windows XP Assistance / Security-Virus/Spyware / Re: my log on: February 25, 2008, 09:54:33 PM
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{761C38E7-4D54-4DEE-A75F-7BC5D3F3FC7B}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{D98337F9-483A-4190-A960-56AC5C6CA27D}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{30AE0FAD-C337-4138-A28C-FDA4FA67D50E}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{784AC743-87D5-4AC8-9D3E-988CC961F32D}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B3BB8C1D-EA6A-4001-AF61-31E631049BB5}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{1BFC0462-A655-4123-B93D-00ADBA0EA4AC}C:\program files\common files\ahead\nero web\setupx.exe"= UDP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter|Desc=MSI starter
"UDP Query User{6193715B-4DA6-4D5A-8A50-8F92C9EC445C}C:\program files\common files\ahead\nero web\setupx.exe"= TCP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter|Desc=MSI starter
"TCP Query User{BB6627BC-F19F-4F44-987A-4108F5C75313}C:\program files\nero\nero 7\nero home\nerohome.exe"= UDP:C:\program files\nero\nero 7\nero home\nerohome.exe:Nero Home|Desc=Nero Home
"UDP Query User{259383E4-03E9-471A-8DF5-4A3688BB0393}C:\program files\nero\nero 7\nero home\nerohome.exe"= TCP:C:\program files\nero\nero 7\nero home\nerohome.exe:Nero Home|Desc=Nero Home
"TCP Query User{180DBEC1-0E4C-4CFC-8CD0-2842C4A82AAA}C:\program files\thq\dawn of war - dark crusade\darkcrusade.exe"= UDP:C:\program files\thq\dawn of war - dark crusade\darkcrusade.exe:DarkCrusade|Desc=DarkCrusade
"UDP Query User{F7109FE5-DDB0-4F4F-91B1-D00A09FE56AE}C:\program files\thq\dawn of war - dark crusade\darkcrusade.exe"= TCP:C:\program files\thq\dawn of war - dark crusade\darkcrusade.exe:DarkCrusade|Desc=DarkCrusade
"TCP Query User{1543E920-02B6-466C-AEC1-2BB9097A6F8A}C:\program files\steam\steamapps\reddv\counter-strike source\hl2.exe"= UDP:C:\program files\steam\steamapps\reddv\counter-strike source\hl2.exe:hl2|Desc=hl2
"UDP Query User{8567689E-7303-4B23-9D72-CBD7A5E02DF3}C:\program files\steam\steamapps\reddv\counter-strike source\hl2.exe"= TCP:C:\program files\steam\steamapps\reddv\counter-strike source\hl2.exe:hl2|Desc=hl2
"TCP Query User{9B0ADEAE-6435-4747-B303-1FABFA05C14F}C:\program files\flashget\flashget.exe"= UDP:C:\program files\flashget\flashget.exe:FlashGet|Desc=FlashGet
"UDP Query User{BED92C83-BF37-4613-9D49-1D2044659F87}C:\program files\flashget\flashget.exe"= TCP:C:\program files\flashget\flashget.exe:FlashGet|Desc=FlashGet
"TCP Query User{D0C657FE-E10C-4D3B-B191-B58ED9F6EB42}C:\users\derek\desktop\need for speed most wanted\nfsmw.exe"= UDP:C:\users\derek\desktop\need for speed most wanted\nfsmw.exe:nfsmw.exe|Desc=nfsmw.exe
"UDP Query User{25136E30-5A72-4C38-B78A-BBE1EF498FFE}C:\users\derek\desktop\need for speed most wanted\nfsmw.exe"= TCP:C:\users\derek\desktop\need for speed most wanted\nfsmw.exe:nfsmw.exe|Desc=nfsmw.exe
"TCP Query User{4CF273F3-C1C6-4418-A973-B47CB37AA631}C:\program files\silkroad\sro_client.exe"= UDP:C:\program files\silkroad\sro_client.exe:sro_client|Desc=sro_client
"UDP Query User{1AAE63EF-01F9-48D6-97C2-1E10ACC5CCB3}C:\program files\silkroad\sro_client.exe"= TCP:C:\program files\silkroad\sro_client.exe:sro_client|Desc=sro_client
"TCP Query User{7A10A9B0-1EC6-4CC5-AED5-A2BCA8678650}C:\program files\thq\dawn of war - dark crusade\darkcrusade.exe"= UDP:C:\program files\thq\dawn of war - dark crusade\darkcrusade.exe:DarkCrusade|Desc=DarkCrusade
"UDP Query User{3452E5B8-5F42-4FAC-8AD4-19302B09D238}C:\program files\thq\dawn of war - dark crusade\darkcrusade.exe"= TCP:C:\program files\thq\dawn of war - dark crusade\darkcrusade.exe:DarkCrusade|Desc=DarkCrusade
"TCP Query User{B42DF1D9-E4ED-4114-B1FA-270DE5F7D2FF}C:\program files\xfire\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire|Desc=Xfire
"UDP Query User{9A8D64AB-9C1A-4B52-B918-77335BEDE131}C:\program files\xfire\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire|Desc=Xfire
"TCP Query User{C35B130E-B15B-4AAD-8D48-FC34D1A73A4A}C:\users\derek\downloads\starcraft2cinematictrailer_englishus-avi-downloader.exe"= UDP:C:\users\derek\downloads\starcraft2cinematictrailer_englishus-avi-downloader.exe:starcraft2cinematictrailer_englishus-avi-downloader.exe|Desc=starcraft2cinematictrailer_englishus-avi-downloader.exe
"UDP Query User{3AC37601-88E7-4034-B36B-A6BC535709D0}C:\users\derek\downloads\starcraft2cinematictrailer_englishus-avi-downloader.exe"= TCP:C:\users\derek\downloads\starcraft2cinematictrailer_englishus-avi-downloader.exe:starcraft2cinematictrailer_englishus-avi-downloader.exe|Desc=starcraft2cinematictrailer_englishus-avi-downloader.exe
"TCP Query User{2771B7EF-101D-4D33-A40E-E3A3E6490A0F}C:\program files\xfire\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire|Desc=Xfire
"UDP Query User{446A69D1-228B-4CB1-AF04-7E391BB531D4}C:\program files\xfire\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire|Desc=Xfire
"TCP Query User{8C0F3D73-F749-4715-9615-FFA7EC7DC605}C:\program files\flashget\flashget.exe"= UDP:C:\program files\flashget\flashget.exe:FlashGet|Desc=FlashGet
"UDP Query User{740CFC7C-FB8D-4C3F-A8E1-C0141C7D1B61}C:\program files\flashget\flashget.exe"= TCP:C:\program files\flashget\flashget.exe:FlashGet|Desc=FlashGet
"TCP Query User{BC245EE6-036C-4B1F-94F4-5D18473B39A9}C:\program files\messengerdiscovery\messengerdiscovery live.exe"= UDP:C:\program files\messengerdiscovery\messengerdiscovery live.exe:MessengerDiscovery Live the Windows Live Messenger addon|Desc=MessengerDiscovery Live the Windows Live Messenger addon
"UDP Query User{E01F667F-649D-4806-9D0E-625D7DD4476A}C:\program files\messengerdiscovery\messengerdiscovery live.exe"= TCP:C:\program files\messengerdiscovery\messengerdiscovery live.exe:MessengerDiscovery Live the Windows Live Messenger addon|Desc=MessengerDiscovery Live the Windows Live Messenger addon
"TCP Query User{8FA0B0AB-454F-45F1-9E39-1A27B5040DBA}C:\program files\messengerdiscovery\messengerdiscovery live.exe"= UDP:C:\program files\messengerdiscovery\messengerdiscovery live.exe:MessengerDiscovery Live the Windows Live Messenger addon|Desc=MessengerDiscovery Live the Windows Live Messenger addon
"UDP Query User{0045A20E-600A-43BC-B77A-9DBE63602E7A}C:\program files\messengerdiscovery\messengerdiscovery live.exe"= TCP:C:\program files\messengerdiscovery\messengerdiscovery live.exe:MessengerDiscovery Live the Windows Live Messenger addon|Desc=MessengerDiscovery Live the Windows Live Messenger addon
"TCP Query User{F89875BC-109F-4C4E-A65F-636F40CB9EB2}C:\program files\steam\steamapps\safan0\counter-strike source\hl2.exe"= UDP:C:\program files\steam\steamapps\safan0\counter-strike source\hl2.exe:hl2|Desc=hl2
"UDP Query User{EC203A4C-8417-45F5-AC95-64ABC7B1F522}C:\program files\steam\steamapps\safan0\counter-strike source\hl2.exe"= TCP:C:\program files\steam\steamapps\safan0\counter-strike source\hl2.exe:hl2|Desc=hl2
"TCP Query User{A5502E35-524A-4560-A583-6154BCB40ECE}C:\program files\steam\steamapps\safan0\half-life 2 deathmatch\hl2.exe"= UDP:C:\program files\steam\steamapps\safan0\half-life 2 deathmatch\hl2.exe:hl2|Desc=hl2
"UDP Query User{A656E0B2-F4DF-49F2-9C4F-601477121E02}C:\program files\steam\steamapps\safan0\half-life 2 deathmatch\hl2.exe"= TCP:C:\program files\steam\steamapps\safan0\half-life 2 deathmatch\hl2.exe:hl2|Desc=hl2
"TCP Query User{BB43ED09-1DCC-4CE0-A496-A132064F8ACE}C:\program files\steam\steamapps\safan0\counter-strike source\hl2.exe"= UDP:C:\program files\steam\steamapps\safan0\counter-strike source\hl2.exe:hl2|Desc=hl2
"UDP Query User{0E55F41C-0DE2-4FD3-B8FC-53B023EF5C68}C:\program files\steam\steamapps\safan0\counter-strike source\hl2.exe"= TCP:C:\program files\steam\steamapps\safan0\counter-strike source\hl2.exe:hl2|Desc=hl2
"{C0C4D66E-B51D-4EDD-9287-4D8BE353FDE8}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{F6069D8E-C9D0-4AA3-B32F-6AA5435FBEB7}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"{7B448F35-C70C-4C34-A9E5-3D8873438707}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"TCP Query User{DDFBDA31-CE89-4BFA-BD84-F3D3F893745D}C:\program files\real\realplayer\realplay.exe"= UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer|Desc=RealPlayer
"UDP Query User{79A69D89-62B0-46D6-87D3-D716D5CF924D}C:\program files\real\realplayer\realplay.exe"= TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer|Desc=RealPlayer
"{586DC12D-6452-4F5B-AD37-B1571FE396C2}"= UDP:C:\Program Files\Nakido\nakido.exe:Nakido
"{C791C479-51F4-4805-BBD4-6B7411604492}"= TCP:C:\Program Files\Nakido\nakido.exe:Nakido
"TCP Query User{5703E9D7-9816-4F19-91A7-ED96D1BE8A8F}C:\program files\mirc\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC|Desc=mIRC
"UDP Query User{DE0595F4-9E2C-4FDA-A762-3149D1A59457}C:\program files\mirc\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC|Desc=mIRC
"TCP Query User{6FE3A52B-7D38-4382-81CC-C8D893A6FC4A}C:\program files\littlefighter2\lf2_v1.9c\lf2.exe"= UDP:C:\program files\littlefighter2\lf2_v1.9c\lf2.exe:lf2|Desc=lf2
"UDP Query User{47AEB4BE-47B2-4DA3-A318-04DE44C87F42}C:\program files\littlefighter2\lf2_v1.9c\lf2.exe"= TCP:C:\program files\littlefighter2\lf2_v1.9c\lf2.exe:lf2|Desc=lf2
"TCP Query User{F30EF3D3-5290-4A0E-861A-3086D7D3EA16}C:\users\derek\downloads\starcraft2cinematictrailer_englisheu-avi-downloader.exe"= UDP:C:\users\derek\downloads\starcraft2cinematictrailer_englisheu-avi-downloader.exe:starcraft2cinematictrailer_englisheu-avi-downloader.exe|Desc=starcraft2cinematictrailer_englisheu-avi-downloader.exe
"UDP Query User{FC85ADDC-70F6-487C-A487-D2D65CF1EBA7}C:\users\derek\downloads\starcraft2cinematictrailer_englisheu-avi-downloader.exe"= TCP:C:\users\derek\downloads\starcraft2cinematictrailer_englisheu-avi-downloader.exe:starcraft2cinematictrailer_englisheu-avi-downloader.exe|Desc=starcraft2cinematictrailer_englisheu-avi-downloader.exe
"TCP Query User{3C5FBA6E-410F-4BF8-B529-3B3D8E1EBEB5}C:\users\derek\desktop\age of empires ii\empires2.exe"= UDP:C:\users\derek\desktop\age of empires ii\empires2.exe:empires2.exe|Desc=empires2.exe
"UDP Query User{BCCF4AF6-8A8A-4F25-A539-5BF797731AD1}C:\users\derek\desktop\age of empires ii\empires2.exe"= TCP:C:\users\derek\desktop\age of empires ii\empires2.exe:empires2.exe|Desc=empires2.exe
"TCP Query User{F7EF4F82-583A-489F-81A0-F959B993C70A}C:\program files\starcraft\starcraft.exe"= UDP:C:\program files\starcraft\starcraft.exe:StarCraft|Desc=StarCraft
"UDP Query User{0D812E7B-4E9E-472A-9FB9-B700DFE486A1}C:\program files\starcraft\starcraft.exe"= TCP:C:\program files\starcraft\starcraft.exe:StarCraft|Desc=StarCraft
"TCP Query User{A976908B-4E22-430F-8197-DCF2E95F755E}C:\program files\silkroad\silkerrsender.exe"= UDP:C:\program files\silkroad\silkerrsender.exe:FTPSender MFC ?? ????|Desc=FTPSender MFC ?? ????
"UDP Query User{1E8B802A-CF64-4BAE-9AC0-B52C99859116}C:\program files\silkroad\silkerrsender.exe"= TCP:C:\program files\silkroad\silkerrsender.exe:FTPSender MFC ?? ????|Desc=FTPSender MFC ?? ????
"TCP Query User{DB93E98A-30B9-4DC4-9D39-790F14CEC7F8}C:\program files\mirc\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC|Desc=mIRC
"UDP Query User{6A5A2C99-B2F4-4511-9532-B77CCB61401F}C:\program files\mirc\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC|Desc=mIRC
"TCP Query User{51B89521-CDCC-4660-81F3-7C6755E67F3B}C:\program files\steam\steamapps\reddv\counter-strike source\hl2.exe"= UDP:C:\program files\steam\steamapps\reddv\counter-strike source\hl2.exe:hl2|Desc=hl2
"UDP Query User{6A2D8251-1DC1-49A2-BD81-2022BC350072}C:\program files\steam\steamapps\reddv\counter-strike source\hl2.exe"= TCP:C:\program files\steam\steamapps\reddv\counter-strike source\hl2.exe:hl2|Desc=hl2
"TCP Query User{7A93EBE0-014B-4CE2-A804-89230CA316D4}C:\program files\internet explorer\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer|Desc=Internet Explorer
"UDP Query User{E04B634E-8340-41C2-9E88-23D8B227964A}C:\program files\internet explorer\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer|Desc=Internet Explorer
"{69BAE94C-0F76-4C35-9D5C-7BE1B4EDB624}"= UDP:C:\Program Files\Autodesk\3ds Max 9\3dsmax.exe:Autodesk 3ds Max 9 32-bit
"{85142FC1-1B12-4373-8215-0B2873F51371}"= TCP:C:\Program Files\Autodesk\3ds Max 9\3dsmax.exe:Autodesk 3ds Max 9 32-bit
"TCP Query User{047CF2C8-0675-4FB3-A9CB-582E2641E7F5}C:\users\derek\appdata\roaming\u3\00001564cb61bbc0\0de4f643-c398-46ec-9339-2362f2311932\exec\skype.exe"= UDP:C:\users\derek\appdata\roaming\u3\00001564cb61bbc0\0de4f643-c398-46ec-9339-2362f2311932\exec\skype.exe:skype.exe|Desc=skype.exe
"UDP Query User{4D43E62C-1F03-4347-BAD8-0B32F5CBF5F2}C:\users\derek\appdata\roaming\u3\00001564cb61bbc0\0de4f643-c398-46ec-9339-2362f2311932\exec\skype.exe"= TCP:C:\users\derek\appdata\roaming\u3\00001564cb61bbc0\0de4f643-c398-46ec-9339-2362f2311932\exec\skype.exe:skype.exe|Desc=skype.exe
"{DF9C30AC-56A0-4DA8-AB8B-787EFC6C6140}"= UDP:C:\Program Files\Internet Download Manager\IDMan.exe:Internet Download Manager
"{F54C5ABC-0D76-418B-B2C0-F83304215E35}"= TCP:C:\Program Files\Internet Download Manager\IDMan.exe:Internet Download Manager
"{7A4869B4-62D7-4BCE-9FE9-C2D402C88A74}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
"TCP Query User{17C10356-3C63-4375-8FC9-C08DE7D2C1B2}C:\program files\steam\steam.exe"= UDP:C:\program files\steam\steam.exe:Steam|Desc=Steam
"UDP Query User{03C37AA1-5A97-4A11-B039-78E83625F186}C:\program files\steam\steam.exe"= TCP:C:\program files\steam\steam.exe:Steam|Desc=Steam
"TCP Query User{3D31E76A-1E54-4E77-AD71-FCF163FD3EDC}C:\users\derek\downloads\astalavista_mirc_preconfigured_6.3\astalavista_mirc_preconfigured_6.3\mirc.exe"= UDP:C:\users\derek\downloads\astalavista_mirc_preconfigured_6.3\astalavista_mirc_preconfigured_6.3\mirc.exe:mirc.exe|Desc=mirc.exe
"UDP Query User{BECFFD33-F460-478E-8A73-BFBF2794A194}C:\users\derek\downloads\astalavista_mirc_preconfigured_6.3\astalavista_mirc_preconfigured_6.3\mirc.exe"= TCP:C:\users\derek\downloads\astalavista_mirc_preconfigured_6.3\astalavista_mirc_preconfigured_6.3\mirc.exe:mirc.exe|Desc=mirc.exe
"TCP Query User{B9909B4F-29F8-4309-875C-565AB90FB849}C:\program files\trillian\trillian.exe"= UDP:C:\program files\trillian\trillian.exe:Trillian|Desc=Trillian
"UDP Query User{6BAC6EFF-634A-40A2-97D8-F9D826FC384E}C:\program files\trillian\trillian.exe"= TCP:C:\program files\trillian\trillian.exe:Trillian|Desc=Trillian
"TCP Query User{F1F636F6-6AFA-4C96-A2D4-2881FF41083E}C:\program files\utorrent\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:utorrent|Desc=utorrent
"UDP Query User{1E9FE700-9019-489E-AA53-8D1FC470E923}C:\program files\utorrent\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:utorrent|Desc=utorrent
"{F493CC4A-E8E2-4703-B4B2-C21489EF643D}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{E8813ABD-941F-4399-881D-00B4C3C0096A}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{9AB3AFD9-2C89-46A7-8D24-A99A3C3CF527}"= UDP:C:\Program Files\Nakido\nakido.exe:Nakido
"{295CD4B9-7F43-43BD-B8EE-29989D21E3F1}"= TCP:C:\Program Files\Nakido\nakido.exe:Nakido
"TCP Query User{83364BCB-AB26-4D86-9E6B-5A9019D11794}C:\program files\mozilla firefox\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox|Desc=Firefox
"UDP Query User{A7DF8F86-B739-4C0C-8E36-C932827BF758}C:\program files\mozilla firefox\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox|Desc=Firefox
"TCP Query User{99E0B262-DCE3-4D4B-97AB-7E169FE5F29B}C:\users\derek\documents\my received files\wow-0.3.2.7720-to-0.3.2.7741-engb-downloader.exe"= UDP:C:\users\derek\documents\my received files\wow-0.3.2.7720-to-0.3.2.7741-engb-downloader.exe:wow-0.3.2.7720-to-0.3.2.7741-engb-downloader.exe|Desc=wow-0.3.2.7720-to-0.3.2.7741-engb-downloader.exe
"UDP Query User{FC3E1353-6944-422A-BAC3-7B8A3A2A3D9F}C:\users\derek\documents\my received files\wow-0.3.2.7720-to-0.3.2.7741-engb-downloader.exe"= TCP:C:\users\derek\documents\my received files\wow-0.3.2.7720-to-0.3.2.7741-engb-downloader.exe:wow-0.3.2.7720-to-0.3.2.7741-engb-downloader.exe|Desc=wow-0.3.2.7720-to-0.3.2.7741-engb-downloader.exe
"{D97F678E-BD97-49F3-A44B-9AC03C9B2DB9}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{8CB13564-DABA-407C-9FAF-470257808532}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{D091582A-81E2-4AFF-95F2-E5B4FE910AD4}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{4F7DD364-C514-4253-9F34-334D50B19056}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{6F8F074F-3AEC-435F-B7E5-F49766858181}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{6AAD523B-5D44-461E-9311-AFAF5FCEAF0F}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{37B01A9E-3D1C-4199-8D01-8071BD7B9451}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{4EEBF57B-EB77-482C-9B8E-31F2628D13B1}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{FDBA4A39-1BB2-43F9-B4A1-AB2854467AE0}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{192003FD-81F5-416C-93D7-A0151406023F}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{53B5EEA2-0200-44CE-B55C-3FDAD800C07C}C:\program files\trillian\trillian.exe"= UDP:C:\program files\trillian\trillian.exe:Trillian|Desc=Trillian
"UDP Query User{36748EE1-699A-4664-9969-D21956E93F3B}C:\program files\trillian\trillian.exe"= TCP:C:\program files\trillian\trillian.exe:Trillian|Desc=Trillian
"{7A74D810-159E-4949-A929-E75D1EE8EE6A}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{7A4236A8-876E-4631-A2D3-39556DC0DB2F}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{612CE21D-C2CC-446D-96E1-7E765BBF87F0}"= UDP:C:\Program Files\utorrent\utorrent.exe:µTorrent
"{1F28D3A4-3D49-4725-ADC8-76B4B39DE8BE}"= TCP:C:\Program Files\utorrent\utorrent.exe:µTorrent
"{3ABF5336-E6C1-4829-AC8E-F638E853416E}"= UDP:40109:TCP 40109
"{933788BD-3DF3-4356-865B-92F76C78BCC4}"= TCP:61534:UDP 61534
"TCP Query User{4D5A4F59-419C-40D8-9A73-7F0AE297EDC0}C:\program files\emule\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule|Desc=eMule
19  Windows XP Assistance / Security-Virus/Spyware / Re: my log on: February 25, 2008, 09:53:55 PM
ComboFix 08-02-25.3 - Derek 2008-02-25 16:12:22.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate   6.0.6000.0.1252.1.1033.18.904 [GMT 0:00]
Running from: C:\Users\Derek\Desktop\ComboFix.exe
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Derek\AppData\Roaming\inst.exe

.
(((((((((((((((((((((((((   Files Created from 2008-01-25 to 2008-02-25  )))))))))))))))))))))))))))))))
.

2008-02-24 17:17 . 2008-02-24 17:17   <DIR>   d--------   C:\Users\All Users\vsosdk
2008-02-24 17:17 . 2008-02-24 17:17   <DIR>   d--------   C:\ProgramData\vsosdk
2008-02-24 16:21 . 2008-02-24 17:32   <DIR>   d--------   C:\Users\Derek\AppData\Roaming\Vso
2008-02-24 16:21 . 2008-02-24 16:21   <DIR>   d--------   C:\Program Files\VSO
2008-02-24 16:21 . 2004-05-04 11:53   1,645,320   --a------   C:\Windows\gdiplus.dll
2008-02-24 16:21 . 2006-05-20 16:16   1,184,984   --a------   C:\Windows\System32\wvc1dmod.dll
2008-02-24 16:21 . 2006-05-11 19:21   626,688   --a------   C:\Windows\System32\vp7vfw.dll
2008-02-24 16:21 . 2006-09-29 12:24   217,127   --a------   C:\Windows\System32\drv43260.dll
2008-02-24 16:21 . 2006-09-29 12:25   208,935   --a------   C:\Windows\System32\drv33260.dll
2008-02-24 16:21 . 2006-09-29 12:26   176,165   --a------   C:\Windows\System32\drv23260.dll
2008-02-24 16:21 . 2007-03-18 20:37   65,602   --a------   C:\Windows\System32\cook3260.dll
2008-02-24 16:21 . 2008-02-24 16:21   47,360   --a------   C:\Windows\System32\drivers\pcouffin.sys
2008-02-24 16:21 . 2008-02-24 16:21   47,360   --a------   C:\Users\Derek\AppData\Roaming\pcouffin.sys
2008-02-24 13:28 . 2008-02-24 13:28   <DIR>   d--------   C:\Deckard
2008-02-20 14:04 . 2008-02-15 15:12   206,256   --a------   C:\Windows\System32\idmmbc.dll
2008-02-19 09:09 . 2008-02-19 09:09   <DIR>   d--------   C:\Program Files\ASIO4ALL v2
2008-02-19 09:04 . 2008-02-19 11:15   <DIR>   d--------   C:\Program Files\VstPlugins
2008-02-19 09:04 . 2002-07-07 22:14   1,294,336   --a------   C:\Windows\System32\vorbis.acm
2008-02-19 09:04 . 2006-06-20 08:56   225,280   --a------   C:\Windows\System32\rewire.dll
2008-02-18 13:46 . 2008-02-18 13:46   <DIR>   d--------   C:\Users\All Users\Sony Ericsson
2008-02-18 13:46 . 2008-02-18 13:46   <DIR>   d--------   C:\ProgramData\Sony Ericsson
2008-02-18 13:45 . 2008-02-18 13:45   <DIR>   d--------   C:\Program Files\Sony Ericsson
2008-02-14 22:05 . 2008-02-14 22:11   <DIR>   d--------   C:\Users\Derek\AppData\Roaming\ooVoo Details
2008-02-14 22:05 . 2008-02-14 22:05   <DIR>   d--------   C:\Program Files\ooVoo
2008-02-14 18:26 . 2008-02-14 18:26   1,244,672   --a------   C:\Windows\System32\mcmde.dll
2008-02-14 12:43 . 2008-02-14 12:44   <DIR>   d--------   C:\Program Files\RoboTask
2008-02-13 22:32 . 2008-02-13 22:32   194,560   --a------   C:\Windows\System32\WebClnt.dll
2008-02-13 22:32 . 2008-02-13 22:32   110,080   --a------   C:\Windows\System32\drivers\mrxdav.sys
2008-02-13 22:29 . 2008-02-13 22:29   3,504,696   --a------   C:\Windows\System32\ntkrnlpa.exe
2008-02-13 22:29 . 2008-02-13 22:29   3,470,392   --a------   C:\Windows\System32\ntoskrnl.exe
2008-02-13 22:28 . 2008-02-13 22:28   154,624   --a------   C:\Windows\System32\drivers\nwifi.sys
2008-02-13 22:27 . 2008-02-13 22:27   4,247,552   --a------   C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-13 22:27 . 2008-02-13 22:27   1,686,528   --a------   C:\Windows\System32\gameux.dll
2008-02-13 22:27 . 2008-02-13 22:27   806,400   --a------   C:\Windows\System32\drivers\tcpip.sys
2008-02-13 22:27 . 2008-02-13 22:27   217,144   --a------   C:\Windows\System32\drivers\netio.sys
2008-02-13 22:27 . 2008-02-13 22:27   167,424   --a------   C:\Windows\System32\tcpipcfg.dll
2008-02-13 22:27 . 2008-02-13 22:27   24,064   --a------   C:\Windows\System32\netcfg.exe
2008-02-13 22:27 . 2008-02-13 22:27   22,016   --a------   C:\Windows\System32\netiougc.exe
2008-02-09 18:09 . 2008-02-09 18:09   <DIR>   d--------   C:\Users\Derek\.DownloadManager
2008-02-07 17:06 . 2008-02-07 17:06   1,152,000   --a------   C:\Windows\System32\themecpl.dll
2008-02-07 17:06 . 2008-02-07 17:06   233,888   --a------   C:\Windows\System32\DreamScene.dll
2008-02-02 15:22 . 2008-02-09 09:06   <DIR>   d--------   C:\Program Files\StuffPlug3
2008-02-01 16:03 . 2008-02-09 18:10   <DIR>   d--------   C:\Users\Derek\AppData\Roaming\IDM
2008-02-01 08:26 . 2008-02-01 15:38   <DIR>   d--------   C:\Program Files\DAP Premium
2008-01-31 17:33 . 2008-01-31 17:34   <DIR>   d--------   C:\Program Files\VistaCodecPack
2008-01-31 02:02 . 2008-01-31 02:02   54,608   --a------   C:\Windows\System32\xfcodec.dll
2008-01-26 21:50 . 2008-01-26 21:50   <DIR>   d--------   C:\Program Files\Common Files\xing shared
2008-01-26 21:49 . 2008-01-26 21:49   348,160   --a------   C:\Windows\System32\msvcr71.dll
2008-01-26 12:51 . 2008-01-26 12:51   <DIR>   d--------   C:\Users\All Users\Tiger Install
2008-01-26 12:51 . 2008-01-26 12:51   <DIR>   d--------   C:\ProgramData\Tiger Install
2008-01-26 12:49 . 2008-02-07 12:46   <DIR>   d--------   C:\Program Files\MHTC
2008-01-26 07:50 . 2008-01-26 07:50   0   --a------   C:\Windows\nsreg.dat

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-25 16:19   ---------   d-----w   C:\Users\Derek\AppData\Roaming\Skype
2008-02-25 16:11   53,675,808   --sha-w   C:\Windows\system32\drivers\fidbox.dat
2008-02-25 16:08   ---------   d-----w   C:\Users\Derek\AppData\Roaming\skypePM
2008-02-25 15:37   ---------   d-----w   C:\ProgramData\Kaspersky Lab
2008-02-25 15:37   ---------   d-----w   C:\Program Files\Steam
2008-02-25 15:36   ---------   d-----w   C:\Users\Derek\AppData\Roaming\DMCache
2008-02-25 13:06   723,572   --sha-w   C:\Windows\system32\drivers\fidbox.idx
2008-02-24 21:57   ---------   d-----w   C:\Program Files\Trillian
2008-02-22 18:55   ---------   d-----w   C:\Users\Derek\AppData\Roaming\dvdcss
2008-02-22 09:11   ---------   d-----w   C:\Program Files\Common Files\Adobe
2008-02-22 07:57   ---------   d-----w   C:\Program Files\Internet Download Manager
2008-02-21 12:57   22,328   ----a-w   C:\Windows\system32\drivers\PnkBstrK.sys
2008-02-21 12:57   107,832   ----a-w   C:\Windows\System32\PnkBstrB.exe
2008-02-21 12:47   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-02-21 12:38   66,872   ----a-w   C:\Windows\System32\PnkBstrA.exe
2008-02-20 06:17   ---------   d-----w   C:\Program Files\Silkroad
2008-02-19 20:56   ---------   d-----w   C:\Users\Derek\AppData\Roaming\Corel
2008-02-19 19:29   10,068   --sha-w   C:\Windows\System32\KGyGaAvL.sys
2008-02-19 11:20   ---------   d-----w   C:\Users\Derek\AppData\Roaming\Xfire
2008-02-16 18:32   ---------   d-----w   C:\Users\Derek\AppData\Roaming\uTorrent
2008-02-16 18:31   ---------   d-----w   C:\Program Files\Common Files\Steam
2008-02-14 19:23   ---------   d-----w   C:\ProgramData\Xfire
2008-02-13 22:28   ---------   d-----w   C:\ProgramData\Microsoft Help
2008-02-13 22:27   537,600   ----a-w   C:\Windows\AppPatch\AcLayers.dll
2008-02-13 22:27   449,536   ----a-w   C:\Windows\AppPatch\AcSpecfc.dll
2008-02-13 22:27   2,144,256   ----a-w   C:\Windows\AppPatch\AcGenral.dll
2008-02-13 22:27   173,056   ----a-w   C:\Windows\AppPatch\AcXtrnal.dll
2008-02-13 22:25   824,832   ----a-w   C:\Windows\System32\wininet.dll
2008-02-13 22:25   56,320   ----a-w   C:\Windows\System32\iesetup.dll
2008-02-13 22:25   52,736   ----a-w   C:\Windows\AppPatch\iebrshim.dll
2008-02-13 22:25   26,624   ----a-w   C:\Windows\System32\ieUnatt.exe
2008-02-13 08:22   ---------   d-----w   C:\Users\Derek\AppData\Roaming\U3
2008-02-08 05:13   ---------   d-----w   C:\ProgramData\NVIDIA
2008-02-05 17:50   ---------   d-s---w   C:\Program Files\Xfire
2008-02-01 06:57   ---------   d-----w   C:\Program Files\K-Lite Codec Pack
2008-01-31 19:35   91,700   ----a-w   C:\Windows\system32\drivers\klin.dat
2008-01-31 17:32   ---------   d-----w   C:\Program Files\LD-Anime
2008-01-30 15:48   ---------   d-----w   C:\Users\Derek\AppData\Roaming\LimeWire
2008-01-28 21:50   ---------   d-----w   C:\Program Files\WinPcap
2008-01-28 21:49   ---------   d-----w   C:\Program Files\Messenger Plus! Live
2008-01-28 15:56   ---------   d-----w   C:\Program Files\DU Meter
2008-01-26 21:49   ---------   d-----w   C:\Program Files\Common Files\Real
2008-01-26 21:35   ---------   d-----w   C:\Program Files\Real
2008-01-20 17:21   ---------   d-----w   C:\Users\Derek\AppData\Roaming\Xi
2008-01-20 12:04   ---------   d-----w   C:\Users\Derek\AppData\Roaming\Talkback
2008-01-19 19:10   ---------   d-----w   C:\ProgramData\FLEXnet
2008-01-19 19:04   ---------   d-----w   C:\ProgramData\ALM
2008-01-18 15:35   ---------   d-----w   C:\Program Files\BT Auto Backup
2008-01-14 22:29   ---------   d-----w   C:\ProgramData\eMule
2008-01-14 16:37   ---------   d-----w   C:\Users\Derek\AppData\Roaming\eMule
2008-01-14 16:37   ---------   d-----w   C:\Program Files\MessengerDiscovery
2008-01-14 16:37   ---------   d-----w   C:\Program Files\eMule
2008-01-13 12:02   ---------   d-----w   C:\Program Files\Astalavista.MS Community
2008-01-12 16:30   ---------   d-----w   C:\Program Files\Easy CD-DA Extractor 11
2008-01-10 18:28   ---------   d-----w   C:\Users\Derek\AppData\Roaming\BT
2008-01-10 18:28   ---------   d-----w   C:\Program Files\BT Broadband Talk Softphone
2008-01-10 17:59   ---------   d-----w   C:\ProgramData\Yahoo!
2008-01-10 17:48   ---------   d-----w   C:\ProgramData\Yahoo! Companion
2008-01-10 17:24   ---------   d-----w   C:\Program Files\Yahoo!
2008-01-10 17:23   ---------   d-----w   C:\Program Files\Common Files\BTHelena
2008-01-10 17:23   ---------   d-----w   C:\Program Files\BBDesktopHelpUpgradeAdvisor
2008-01-10 17:21   ---------   d-----w   C:\ProgramData\Motive
2008-01-10 17:21   ---------   d-----w   C:\Program Files\Common Files\Motive
2008-01-10 17:21   ---------   d-----w   C:\Program Files\BTHomeHub
2008-01-09 16:21   ---------   d-----w   C:\Program Files\Windows Sidebar
2008-01-09 16:21   ---------   d-----w   C:\Program Files\Windows Mail
2008-01-09 16:15   211,000   ----a-w   C:\Windows\system32\drivers\volsnap.sys
2008-01-09 16:15   11,776   ----a-w   C:\Windows\System32\sbunattend.exe
2008-01-09 16:15   1,060,920   ----a-w   C:\Windows\system32\drivers\ntfs.sys
2008-01-08 21:34   32   ----a-w   C:\Users\All Users\ezsid.dat
2008-01-08 21:34   32   ----a-w   C:\ProgramData\ezsid.dat
2008-01-08 21:34   ---------   d-----w   C:\Program Files\Common Files\Skype
2008-01-07 18:51   ---------   d-----w   C:\Program Files\BWMeter
2008-01-07 07:53   22,328   ----a-w   C:\Users\Derek\AppData\Roaming\PnkBstrK.sys
2008-01-07 07:36   ---------   d-----w   C:\Program Files\Activision
2008-01-01 21:00   ---------   d-----w   C:\Users\Derek\AppData\Roaming\.purple
2008-01-01 20:42   ---------   d-----w   C:\Users\Derek\AppData\Roaming\gtk-2.0
2008-01-01 20:34   ---------   d-----w   C:\Program Files\Common Files\GTK
2007-12-29 10:11   ---------   d-----w   C:\Users\Ken\AppData\Roaming\DMCache
2007-12-28 08:18   ---------   d-----w   C:\Program Files\Common Files\PCSuite
2007-12-12 23:15   9,728   ----a-w   C:\Windows\System32\LAPRXY.DLL
2007-12-12 23:15   223,232   ----a-w   C:\Windows\System32\WMASF.DLL
2007-12-12 23:15   1,327,104   ----a-w   C:\Windows\System32\quartz.dll
2007-08-29 07:45   174   --sha-w   C:\Program Files\desktop.ini
2007-11-06 07:49   16,384   --sha-w   C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-11-06 07:49   32,768   --sha-w   C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-11-06 07:49   16,384   --sha-w   C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2007-04-28 09:46   88   --sh--r   C:\Windows\System32\BA8B5D2B95.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-08-16 15:19 5728112]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 15:30 249856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 12:49 153136]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-12-07 15:08 21686568]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 12:34 125440]
"DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2007-12-12 18:49 2582288]
"BTAgile"="C:\Program Files\BT Broadband Talk Softphone\BTAgile.exe" [2007-06-18 09:39 61440]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 10:29 220544]
"Steam"="c:\program files\steam\steam.exe" [2007-11-30 19:09 1266936]
"ooVoo.exe"="C:\Program Files\ooVoo\ooVoo.exe" [2008-02-14 14:10 12400432]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2008-02-21 20:36 2594224]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 12:33 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-04-28 08:47 1006264]
"SigmatelSysTrayApp"="sttray.exe" [2006-11-22 13:56 303104 C:\Windows\sttray.exe]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 15:30 81920]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 14:52 849280]
"BigDogPath323VMSnap"="C:\Windows\VMSnap23.exe" [2006-07-20 04:37 90112]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 17:53 153136]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 11:51 218376]
"BTHelena_McciTrayApp"="C:\Program Files\BBDesktopHelpUpgradeAdvisor\McciTrayApp.exe" [2007-07-17 10:26 1001472]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 16:40 1884160]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel MediaOne\Corel Photo Downloader.exe" [2007-08-17 10:50 483144]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-17 08:07 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-17 08:07 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-17 08:07 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

C:\Users\Ken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42 101784]

C:\Users\Derek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Trillian.lnk - C:\Program Files\Trillian\trillian.exe [2005-02-28 17:25:37 1873280]
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-01-31 02:02:36 2880336]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
LaunchU3.exe.lnk - C:\Windows\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe [2007-09-20 16:43:40 22486]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BigDogPath323Domino"=C:\Windows\Domino.exe
20  Windows XP Assistance / Security-Virus/Spyware / Re: my log on: February 24, 2008, 08:56:51 AM
VideoLAN VLC media player 0.8.6a --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Vimicro USB2.0 PC Camera (VC0323) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1B9B7BA2-0C7A-4759-BACD-FADADE9E6694}\setup.exe" -l0x9  -removeonly
Vista Codec Package --> MsiExec.exe /I{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}
Windows Live installer --> MsiExec.exe /I{8338DB5D-A492-4DFF-AEB2-5D09F5DB0F3F}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{0ED47137-C071-46CC-A243-E5E33271E10E}
Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinPcap 4.0 --> C:\Program Files\WinPcap\uninstall.exe
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WolfTeam International --> "C:\Program Files\Softnyx\WolfTeam\unins000.exe"
Xfire (remove only) --> "C:\Program Files\Xfire\uninst.exe"

-- Application Event Log -------------------------------------------------------

Event Record #/Type29518 / Success
Event Submitted/Written: 02/23/2008 07:25:53 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type29513 / Success
Event Submitted/Written: 02/23/2008 07:24:00 PM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type29512 / Success
Event Submitted/Written: 02/23/2008 07:24:00 PM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type29505 / Success
Event Submitted/Written: 02/23/2008 07:23:44 PM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.

Event Record #/Type29493 / Error
Event Submitted/Written: 02/23/2008 06:28:07 PM
Event ID/Source: 1002 / Application Hang
Event Description:
The program hl2.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 273c
Start Time: 01c87637a440da7f
Termination Time: 15049



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type134004 / Warning
Event Submitted/Written: 02/24/2008 01:06:05 PM
Event ID/Source: 243 / Win32k
Event Description:
A desktop heap allocation failed.

Event Record #/Type134001 / Error
Event Submitted/Written: 02/24/2008 11:54:51 AM
Event ID/Source: 10016 / DCOM
Event Description:
machine-defaultLocalActivation{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}NT AUTHORITYNETWORK SERVICES-1-5-20LocalHost (Using LRPC)

Event Record #/Type134000 / Error
Event Submitted/Written: 02/24/2008 11:54:51 AM
Event ID/Source: 10016 / DCOM
Event Description:
machine-defaultLocalActivation{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}NT AUTHORITYNETWORK SERVICES-1-5-20LocalHost (Using LRPC)

Event Record #/Type133999 / Error
Event Submitted/Written: 02/24/2008 11:54:49 AM
Event ID/Source: 10016 / DCOM
Event Description:
machine-defaultLocalActivation{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}NT AUTHORITYNETWORK SERVICES-1-5-20LocalHost (Using LRPC)

Event Record #/Type133998 / Error
Event Submitted/Written: 02/24/2008 11:54:49 AM
Event ID/Source: 10016 / DCOM
Event Description:
machine-defaultLocalActivation{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}NT AUTHORITYNETWORK SERVICES-1-5-20LocalHost (Using LRPC)



-- End of Deckard's System Scanner: finished at 2008-02-24 13:35:08 ------------
21  Windows XP Assistance / Security-Virus/Spyware / Re: my log on: February 24, 2008, 08:54:27 AM
-- Add/Remove Programs ---------------------------------------------------------

 --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
 --> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
 --> C:\Windows\UNNeroBackItUp.exe /UNINSTALL
 --> C:\Windows\UNNeroMediaHome.exe /UNINSTALL
 --> C:\Windows\UNNeroShowTime.exe /UNINSTALL
 --> C:\Windows\UNNeroVision.exe /UNINSTALL
 --> C:\Windows\UNRecode.exe /UNINSTALL
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
3D Maker by Lokas Software --> C:\Windows\AWuninstall.exe Software\Lokas Ltd\3D Maker
3D Shadow by Lokas Software --> C:\Windows\AWuninstall.exe Software\Lokas Ltd\3D Shadow
Add or Remove Adobe Creative Suite 3 Design Premium --> C:\Program Files\Common Files\Adobe\Installers\c14ac4070fd9614ffe63f4bb533db2c\Setup.exe
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe BridgeTalk Plugin CS3 --> MsiExec.exe /I{B7F560B3-6EFF-4026-A982-843895A41149}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings --> MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color EU Recommended Settings --> MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Extra Settings --> MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Creative Suite 3 Design Premium --> MsiExec.exe /I{D1C18EDD-571A-4BDD-BE7B-1DD86027D7FF}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3 --> MsiExec.exe /I{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Extension Manager CS3 --> MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Fireworks CS3 --> C:\Program Files\Common Files\Adobe\Installers\bbef028176efa5abf0233d3e1747be8\Setup.exe
Adobe Fireworks CS3 --> MsiExec.exe /I{7DFC1012-D346-46CE-B03E-FF79125AE029}
Adobe Flash CS3 --> MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash CS3 Professional --> C:\Program Files\Common Files\Adobe\Installers\c3c7fe8b09d497ab2b3fd91c9353390\Setup.exe
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Video Encoder --> MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Illustrator CS3 --> MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
Adobe InDesign CS3 --> MsiExec.exe /I{CB3F8375-B600-4B9F-83C9-238ED1E583FD}
Adobe InDesign CS3 Icon Handler --> MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files --> MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Setup --> C:\Program Files\Common Files\Adobe\Installers\bbfb298f5bb342eb427cf89dcc6de05\Setup.exe
Adobe Setup --> MsiExec.exe /I{09E2111C-16B1-4DDF-BF0D-F994C9A12350}
Adobe Setup --> MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup --> MsiExec.exe /I{C92A5A89-B218-46F7-8898-77C52113FFE0}
Adobe Setup --> MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Setup --> MsiExec.exe /I{FFC1ADE3-944B-4231-894E-3903C37271D2}
Adobe Shockwave Player --> C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log
Adobe SING CS3 --> MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe Version Cue CS3 Server {ko_KR} --> MsiExec.exe /I{1D58229F-C505-45CA-8223-F35F3A34B963}
Adobe WAS CS3 --> MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AHV content for Acrobat and Flash --> MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
Alien Skin Blow Up --> C:\PROGRA~1\Adobe\ADOBEP~2\Plug-Ins\ALIENS~1\BLOWUP~1\Unwise32.exe C:\PROGRA~1\Adobe\ADOBEP~2\Plug-Ins\ALIENS~1\BLOWUP~1\INSTALL.LOG
ArcSoft Software Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4A72D3FD-235A-4D19-943F-8727178E82CD}\setup.exe" -l0x9
Artistic Effects by Lokas Software --> C:\Windows\AWuninstall.exe Software\Lokas Ltd\Artistic Effects
ASIO4ALL --> C:\Program Files\ASIO4ALL v2\uninstall.exe
Astalavista Community_Post Editor 2008 * FINAL RELEASE * --> "C:\Program Files\Astalavista.MS Community\unins000.exe"
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
AusLogics Disk Defrag --> "C:\Program Files\AusLogics Disk Defrag\unins000.exe"
Autodesk 3ds Max 9 32-bit --> MsiExec.exe /I{E96D4088-AAC5-437F-9E39-EC0E387897B4}
AV Bros. Page Curl Pro 2.2 (Remove Only) --> C:\Program Files\Adobe\Adobe Photoshop CS3\Plug-Ins\AV Bros Page Curl Pro 2.2\AVUninstall.exe
BT Auto Backup --> "C:\Program Files\BT Auto Backup\uninstall.exe"
BT Broadband Desktop Help Upgrade Advisor --> "C:\Program Files\Common Files\BTHelena\uninstall.exe"
BT Broadband Talk Softphone 3.1 --> "C:\Program Files\BT Broadband Talk Softphone\unins000.exe"
BT Home Hub --> C:\Program Files.\BTHomeHub.\Uninstall.exe
BT Yahoo! Applications --> C:\Program Files\Yahoo!\Common\uninstall.exe
Call of Duty(R) 4 - Modern Warfare(TM) --> C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch --> C:\Program Files\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe -runfromtemp -l0x0409
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Corel MediaOne --> MsiExec.exe /I{A062A15F-9CAC-4B88-98DF-87628A0BD721}
Corel Paint Shop Pro Photo XI --> MsiExec.exe /X{93A1B09E-BAFA-4628-A5B6-921CB026955A}
CorelDRAW Graphics Suite X3 --> MsiExec.exe /I{63218538-4A69-497F-8455-904261B0E9E4}
Counter-Strike: Source --> "C:\Program Files\Steam\steam.exe" steam://uninstall/240
Counter-Strike: Source --> MsiExec.exe /I{9580813D-94B1-4C28-9426-A441E2BB29A5}
Dawn Of War --> MsiExec.exe /X{83F12F73-D52E-40C0-93B1-463C311C4E17}
Dawn Of War - Winter Assault --> MsiExec.exe /X{DD8408E9-9421-484F-979D-DB6361E3E828}
Dell Resource CD --> MsiExec.exe /X{2764CA82-DFB9-4498-AF85-719340BF5305}
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
DietMP3 4.03.00 --> "C:\Program Files\DietMP3\unins000.exe"
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DU Meter --> "C:\Program Files\DU Meter\unins000.exe"
Duel Tool v5 --> MsiExec.exe /X{9083311E-6546-4346-977B-945FE96A1654}
‰ô»ØÌƳ¯ --> C:\Program Files\MHTC\Uninstall.exe
Easy CD-DA Extractor 11 --> "C:\Windows\Easy CD-DA Extractor 11.0.3\uninstall.exe" "/U:C:\Program Files\Easy CD-DA Extractor 11\irunin.xml"
eMule --> "C:\Program Files\eMule\Uninstall.exe"
EN --> MsiExec.exe /I{32A72502-BC2C-4C39-ACEA-BC3D463F0697}
FontNav --> MsiExec.exe /I{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}
Genuine Fractals 5.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC38B36B-90F8-4C1F-8AC9-236B851B8871}\setup.exe" -l0x9  -uninst  -removeonly
Half-Life 2 --> "C:\Program Files\Steam\steam.exe" steam://uninstall/220
Half-Life 2: Deathmatch --> "C:\Program Files\Steam\steam.exe" steam://uninstall/320
Half-Life 2: Lost Coast --> "C:\Program Files\Steam\steam.exe" steam://uninstall/340
Half-Life Deathmatch: Source --> "C:\Program Files\Steam\steam.exe" steam://uninstall/360
Half-Life(R) 2 --> MsiExec.exe /I{D45EC259-4A19-4656-B588-C2C360DD18EA}
Half-Life: Source --> "C:\Program Files\Steam\steam.exe" steam://uninstall/280
HijackThis 1.99.1 --> C:\Users\Derek\AppData\Local\Temp\Rar$EX23.3524\HijackThis.exe /uninstall
Intellihance Pro 4.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32C7FDDF-8D18-4B29-B81A-CDA512093274}\setup.exe" -l0x9  -uninst  -removeonly
Internet Download Manager --> C:\Program Files\Internet Download Manager\Uninstall.exe
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Kaspersky Internet Security 7.0 --> MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
Kaspersky Internet Security 7.0 --> MsiExec.exe /I{C774410D-3EF9-4DE7-AC01-332613163ECF}
LimeWire PRO 4.14.10 --> "C:\Program Files\LimeWire\uninstall.exe"
Little Fighter 2 1.9c --> C:\Program Files\LittleFighter2\LF2_v1.9c\uninst.exe
Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
MessengerDiscovery Live 1.3.0322 --> "C:\Program Files\MessengerDiscovery\unins000.exe"
Microsoft AppLocale --> MsiExec.exe /I{394BE3D9-7F57-4638-A8D1-1D88671913B7}
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Windows Application Compatibility Database --> C:\Windows\system32\sdbinst.exe -u "C:\Windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb"
Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
Need for Speed™ Most Wanted --> C:\Users\Derek\Desktop\Need for Speed Most Wanted\EAUninstall.exe
Nero 7 --> MsiExec.exe /I{43FFE159-3199-4188-A1CD-629166AD1033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
ooVoo --> "C:\Program Files\InstallShield Installation Information\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}\setup.exe" -runfromtemp -l0x0009 -removeonly
PC Connectivity Solution --> MsiExec.exe /I{066D65EA-ED53-44E4-A96A-F81B6E409D2E}
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PhotoFrame Pro 3.1 Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5F073685-ADDB-4D5A-98E9-0F795989A57F}\setup.exe" -l0x9  -uninst  -removeonly
Power Retouche Pro --> C:\Program Files\Plug-Ins\PowerRetouche\UnInstall_PRPro.exe
QT Lite 1.1.1 --> "C:\Program Files\QT Lite\unins000.exe"
RapidShare Manager --> rundll32.exe dfshim.dll,ShArpMaintain RapidShareManager.application, Culture=neutral, PublicKeyToken=c14d24c3c9280019, processorArchitecture=msil
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
RoboTask 2.5.1 --> "C:\Program Files\RoboTask\unins000.exe"
SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Silkroad --> C:\Program Files\Silkroad\Remove.Exe
Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sony Ericsson File Manager --> MsiExec.exe /X{60E5B847-2353-4AE3-829E-685937EDDC40}
Steam(TM) --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
StuffPlug 3 --> C:\Program Files\StuffPlug3\Uninstall.exe
Topaz Vivacity --> MsiExec.exe /I{C13A8E73-7E98-4295-BA94-6931701CD1F9}
TrillPack v3.1 Final (remove only) --> C:\Program Files\Trillian\TrillPack_delete.exe
TuneUp Utilities 2007 --> MsiExec.exe /I{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}
U3Launcher --> MsiExec.exe /I{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}
Update for Outlook 2007 Junk Email Filter (kb944965) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {EA8C80AA-31D6-43F0-8CD8-CA85479A34F1}
Update Manager --> MsiExec.exe /I{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}
VBA --> MsiExec.exe /I{C94E45B0-6AA6-4FB9-9AAE-22085F631880}
22  Windows XP Assistance / Security-Virus/Spyware / Re: my log on: February 24, 2008, 08:50:05 AM
-- Find3M Report ---------------------------------------------------------------

2008-02-24 13:28:34         0 d-------- C:\Users\Derek\AppData\Roaming\DMCache
2008-02-24 13:25:03         0 d-------- C:\Users\Derek\AppData\Roaming\Skype
2008-02-24 13:06:28         0 d-------- C:\Users\Derek\AppData\Roaming\Adobe
2008-02-24 08:08:54         0 d-------- C:\Users\Derek\AppData\Roaming\skypePM
2008-02-23 19:25:37         0 d-------- C:\Program Files\Steam
2008-02-22 20:23:11         0 d-------- C:\Program Files\Trillian
2008-02-22 18:55:57         0 d-------- C:\Users\Derek\AppData\Roaming\dvdcss
2008-02-22 09:11:43         0 d-------- C:\Program Files\Common Files\Adobe
2008-02-22 07:57:13         0 d-------- C:\Program Files\Internet Download Manager
2008-02-21 12:47:19         0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-20 06:17:25         0 d-------- C:\Program Files\Silkroad
2008-02-19 20:56:00         0 d-------- C:\Users\Derek\AppData\Roaming\Corel
2008-02-19 19:29:18     10068 --ahs---- C:\Windows\system32\KGyGaAvL.sys
2008-02-19 11:20:50         0 d-------- C:\Users\Derek\AppData\Roaming\Xfire
2008-02-16 18:32:47         0 d-------- C:\Users\Derek\AppData\Roaming\uTorrent
2008-02-16 18:31:54         0 d-------- C:\Program Files\Common Files\Steam
2008-02-14 22:11:45         0 d-------- C:\Users\Derek\AppData\Roaming\ooVoo Details
2008-02-13 08:22:44         0 d-------- C:\Users\Derek\AppData\Roaming\U3
2008-02-09 18:10:07         0 d-------- C:\Users\Derek\AppData\Roaming\IDM
2008-02-05 17:50:03         0 d---s---- C:\Program Files\Xfire
2008-02-01 06:57:50         0 d-------- C:\Program Files\K-Lite Codec Pack
2008-01-31 17:32:53         0 d-------- C:\Program Files\LD-Anime
2008-01-30 15:48:14         0 d-------- C:\Users\Derek\AppData\Roaming\LimeWire
2008-01-28 21:50:11         0 d-------- C:\Program Files\WinPcap
2008-01-28 21:49:43         0 d-------- C:\Program Files\Messenger Plus! Live
2008-01-26 21:50:05         0 d-------- C:\Program Files\Common Files
2008-01-26 21:49:51         0 d-------- C:\Program Files\Common Files\Real
2008-01-26 21:35:36         0 d-------- C:\Program Files\Real
2008-01-23 10:17:17         0 d-------- C:\Users\Derek\AppData\Roaming\Real
2008-01-20 17:21:58         0 d-------- C:\Users\Derek\AppData\Roaming\Xi
2008-01-20 12:04:24         0 d-------- C:\Users\Derek\AppData\Roaming\Talkback
2008-01-18 15:35:02         0 d-------- C:\Program Files\BT Auto Backup
2008-01-14 16:37:59         0 d-------- C:\Users\Derek\AppData\Roaming\eMule
2008-01-14 16:37:59         0 d-------- C:\Program Files\eMule
2008-01-14 16:37:28         0 d-------- C:\Program Files\MessengerDiscovery
2008-01-13 12:02:15         0 d-------- C:\Program Files\Astalavista.MS Community
2008-01-12 16:30:33         0 d-------- C:\Program Files\Easy CD-DA Extractor 11
2008-01-10 18:28:27         0 d-------- C:\Users\Derek\AppData\Roaming\BT
2008-01-10 18:28:27         0 d-------- C:\Program Files\BT Broadband Talk Softphone
2008-01-10 17:24:47         0 d-------- C:\Program Files\Yahoo!
2008-01-10 17:23:05         0 d-------- C:\Program Files\Common Files\BTHelena
2008-01-10 17:23:05         0 d-------- C:\Program Files\BBDesktopHelpUpgradeAdvisor
2008-01-10 17:21:56         0 d-------- C:\Program Files\Common Files\Motive
2008-01-10 17:21:43         0 d-------- C:\Program Files\BTHomeHub
2008-01-09 16:21:25         0 d-------- C:\Program Files\Windows Mail
2008-01-09 16:21:22         0 d-------- C:\Program Files\Windows Sidebar
2008-01-08 21:34:06         0 d-------- C:\Program Files\Common Files\Skype
2008-01-07 18:51:28         0 d-------- C:\Program Files\BWMeter
2008-01-07 07:36:17         0 d-------- C:\Program Files\Activision
2008-01-01 21:00:29         0 d-------- C:\Users\Derek\AppData\Roaming\.purple
2008-01-01 20:42:10         0 d-------- C:\Users\Derek\AppData\Roaming\gtk-2.0
2008-01-01 20:34:04         0 d-------- C:\Program Files\Common Files\GTK
2007-12-28 08:18:25         0 d-------- C:\Program Files\Common Files\PCSuite


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [28/04/2007 08:47]
"SigmatelSysTrayApp"="sttray.exe" [22/11/2006 13:56 C:\Windows\sttray.exe]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [24/08/2007 07:00]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [11/08/2005 15:30]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [05/02/2007 14:52]
"BigDogPath323VMSnap"="C:\Windows\VMSnap23.exe" [20/07/2006 04:37]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [09/03/2007 17:53]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25/09/2007 00:11]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [28/06/2007 11:51]
"BTHelena_McciTrayApp"="C:\Program Files\BBDesktopHelpUpgradeAdvisor\McciTrayApp.exe" [17/07/2007 10:26]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [20/03/2007 16:40]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel MediaOne\Corel Photo Downloader.exe" [17/08/2007 10:50]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [17/09/2007 08:07]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [17/09/2007 08:07]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [17/09/2007 08:07]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [16/08/2007 15:19]
"ISUSPM Startup"="c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [11/08/2005 15:30]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [12/03/2007 12:49]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [15/03/2007 11:09]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [07/12/2007 15:08]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02/11/2006 12:34]
"DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [12/12/2007 18:49]
"BTAgile"="C:\Program Files\BT Broadband Talk Softphone\BTAgile.exe" [18/06/2007 09:39]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [02/07/2007 10:29]
"Steam"="c:\program files\steam\steam.exe" [30/11/2007 19:09]
"ooVoo.exe"="C:\Program Files\ooVoo\ooVoo.exe" [14/02/2008 14:10]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [21/02/2008 20:36]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [02/11/2006 12:33]

C:\Users\Derek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Trillian.lnk - C:\Program Files\Trillian\trillian.exe [28/02/2005 17:25:37]
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [31/01/2008 02:02:36]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
LaunchU3.exe.lnk - C:\Windows\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe [20/09/2007 16:43:40]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BigDogPath323Domino"=C:\Windows\Domino.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\T]
AutoRun\command- T:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{017461c3-6e59-11dc-9ce4-0019d122c213}]
AutoRun\command- L:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{017461c6-6e59-11dc-9ce4-0019d122c213}]
AutoRun\command- S:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4fd954e6-fa33-11db-bd0b-0019d122c213}]
AutoRun\command- L:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{746708f6-6790-11dc-ac9c-0019d122c213}]
AutoRun\command- M:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{746708fd-6790-11dc-ac9c-0019d122c213}]
AutoRun\command- T:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{746708ff-6790-11dc-ac9c-0019d122c213}]
AutoRun\command- U:\PortableApps\PortableAppsMenu\PortableAppsMe