I think i recently got this stuff my frostwire keep opening itself. i ran Metallica's BFU uninstaller but the it keeps crashing at the heuristc part. anyway I'm posting my HIjackThis log so if anyone is kind enough to help can have an idea what the [bleep] is going on in my comp. Thx for everything

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 下午 01:00:24, on 2007/12/12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Colin\My Documents\我已接收的檔案\HiJackThis.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IntelligentAdvisor - {6548BF73-58FF-71D5-F97D-17C71E323709} - C:\Program Files\IntelligentAdvisor\IntelligentAdvisor-1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xii\NetXfer\NXIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [gemstrmw] C:\WINDOWS\system32\gemstrmw.exe /r
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EyeGuard] C:\Program Files\EyeGuard\EyeGuard.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com.ezproxy.auckland.ac...s/ebraryRdr.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D5EF079-C21D-47EE-9249-D4E89C8D3E43} (BullCSP Class) - https://my.taishinbank.com.tw/ActiveX/eATM/Bull.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9602.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1122776591484
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O16 - DPF: {B596344E-F60F-42C2-8640-5954EEDBD428} (RegExe Control) - http://www.omg.com.tw/ActiveX/MacroWell.CAB
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll
O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 9343 bytes

Sorry for the delay. If you have the SDFix can you post that here, and then do the following

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

• Close all other windows before proceeding.
• Double-click on dss.exe and follow the prompts.
• If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
• When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

here's the sdfix report :)


SDFix: Version 1.118

Run by Colin on 2007/12/14 星期五 at 下午 09:56

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\SYSTEM32\NSPRS.DLL - Deleted
C:\WINDOWS\SYSTEM32\SERAUTH1.DLL - Deleted
C:\WINDOWS\SYSTEM32\SERAUTH2.DLL - Deleted
C:\WINDOWS\Fonts\svchost.exe - Deleted
C:\WINDOWS\Fonts\'\*.zip - 10138 File(s) 6,467,425,582 bytes - Deleted



Folder C:\WINDOWS\Fonts\' - Removed

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-14 22:37:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\\36d*`\x91d7\x91d7\3t]
"SlowInfoCache"=hex:28,02,00,00,01,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,76,10,d3,48,bf,..
"Changed"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\36d*`\x91d7\x91d7\3t]
"DisplayName"="\x641e\x602a\x78b0\x78b0\x7403"
"UninstallString"="Roger_Unins.exe C:\Program Files\NIEO\GAME\BALL\uninstall.ini"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\\36d*`\x91d7\x91d7\3ta!3]
"SlowInfoCache"=hex:28,02,00,00,00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,00,00,..
"Changed"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Gamania\SiKN7]
"Order"=hex:08,00,00,00,02,00,00,00,f8,01,00,00,01,00,00,00,04,00,00,00,7a,..
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Nero\(u6b\acWS]
"Order"=hex:08,00,00,00,02,00,00,00,d8,01,00,00,01,00,00,00,03,00,00,00,96,..
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\CU\x95e2?\x8fb12RjU]
"Order"=hex:08,00,00,00,02,00,00,00,38,04,00,00,01,00,00,00,09,00,00,00,76,..
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\8Vf\xf299|]
"Order"=hex:08,00,00,00,02,00,00,00,04,01,00,00,01,00,00,00,02,00,00,00,7e,..
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\<\gY\x5f33\x0080b]
"Order"=hex:08,00,00,00,02,00,00,00,6a,00,00,00,01,00,00,00,01,00,00,00,5e,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\<\gY\x5f33\x0080b\J?b]
"Order"=hex:08,00,00,00,02,00,00,00,76,00,00,00,01,00,00,00,01,00,00,00,6a,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\<\gY\x5f33\x0080b\J?b\\36d*`\x91d7\x91d7\3t]
"Order"=hex:08,00,00,00,02,00,00,00,04,01,00,00,01,00,00,00,02,00,00,00,7e,..
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\<\gY\x5f33\x0080bJ?b]
"Order"=hex:08,00,00,00,02,00,00,00,7c,00,00,00,01,00,00,00,01,00,00,00,70,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\<\gY\x5f33\x0080bJ?b\\36d*`\x91d7\x91d7\3ta!3]
"Order"=hex:08,00,00,00,02,00,00,00,9c,01,00,00,01,00,00,00,03,00,00,00,84,..
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\\xebe4@b\5z\x74e0?3u1X\xe0d9q}]
"Order"=hex:08,00,00,00,02,00,00,00,aa,01,00,00,01,00,00,00,03,00,00,00,7e,..
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\?6q8\xe3d3Q2]
"Order"=hex:08,00,00,00,02,00,00,00,8e,01,00,00,01,00,00,00,03,00,00,00,86,..
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\\36d*`\x91d7\x91d7\3ta!3]
"DisplayName"="\x641e\x602a\x78b0\x78b0\x7403\x21613D\x7248"
"UninstallString"="C:\Program Files\NieoGame\3dballplay\RemoveR\RemoveR.exe C:\Program Files\NieoGame\3dballplay\uninstall.ini"

scanning hidden files ...

C:\Documents and Settings\Colin Wu\Local Settings\Application Data\Microsoft\Messenger\alborufus@gmail.com\SharingMetadata\potter_anthony@hotmail.com\DFSR\Staging\CS{8AD2A34D-AC30-B802-5AE8-3828EA09D4D7}\01\10-{8AD2A34D-AC30-B802-5AE8-3828EA09D4D7}-v1-{0162247B-AF68-42FA-B46C-8B1BC5ED5218}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\Colin Wu\Local Settings\Application Data\Microsoft\Messenger\gouki_ichimonji@hotmail.com\SharingMetadata\nite.spirit@hotmail.com\DFSR\Staging\CS{D365F17C-AE58-92B0-EE00-707B58046B43}\01\10-{D365F17C-AE58-92B0-EE00-707B58046B43}-v1-{EDD72A2C-785E-4E66-A34B-54F925B0A325}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 6


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Thu 14 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Mon 26 Nov 2007 58,368 A..H. --- "C:\RECYCLER\S-1-5-21-329068152-299502267-725345543-1005\Dc8.tmp"
Thu 20 Sep 2007 98,304 A..H. --- "C:\WINDOWS\system32\MSVRCTD.DLL"
Thu 20 Sep 2007 243,788 A..H. --- "C:\WINDOWS\system32\MSVRCTDR.dll"
Tue 7 Feb 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 5 Jun 2006 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv15.bak"
Tue 9 Jan 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sat 6 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\573b8bee2d25ffedabde94732ae6dbae\BIT1F.tmp"
Sat 19 Aug 2006 65,536 A..H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL0001.tmp"
Fri 25 Aug 2006 19,456 A..H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL0004.tmp"
Thu 8 Dec 2005 19,456 A..H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL0005.tmp"
Tue 24 Jan 2006 19,456 A..H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL0006.tmp"
Wed 4 Oct 2006 22,528 A..H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL0007.tmp"
Mon 10 Sep 2007 19,456 ...H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL0008.tmp"
Tue 6 Mar 2007 253,440 ...H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL0077.tmp"
Tue 6 Mar 2007 248,320 ...H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL0090.tmp"
Tue 24 Jan 2006 141,824 A..H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL0118.tmp"
Tue 24 Jan 2006 19,456 A..H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL0157.tmp"
Tue 6 Mar 2007 30,208 ...H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL0181.tmp"
Sun 13 Aug 2006 21,504 A..H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL0307.tmp"
Wed 28 Mar 2007 23,552 ...H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL0319.tmp"
Thu 23 Feb 2006 37,888 A..H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL0337.tmp"
Wed 28 Mar 2007 25,600 ...H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL0369.tmp"
Tue 6 Mar 2007 249,344 ...H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL0413.tmp"
Tue 6 Mar 2007 238,080 ...H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL0424.tmp"
Tue 6 Mar 2007 30,720 ...H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL0425.tmp"
Sat 19 Aug 2006 20,480 A..H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL0443.tmp"
Sat 19 Aug 2006 21,504 A..H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL0480.tmp"
Tue 6 Mar 2007 240,640 ...H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL0481.tmp"
Thu 23 Feb 2006 39,936 A..H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL0482.tmp"
Wed 5 Jul 2006 20,992 A..H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL0515.tmp"
Tue 6 Mar 2007 251,904 ...H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL0518.tmp"
Mon 26 Nov 2007 48,128 ...H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL0560.tmp"
Mon 26 Nov 2007 47,104 ...H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL0604.tmp"
Tue 22 Aug 2006 20,480 A..H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL0628.tmp"
Fri 25 Aug 2006 19,456 A..H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL0633.tmp"
Thu 23 Feb 2006 37,888 A..H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL0655.tmp"
Tue 6 Mar 2007 239,104 ...H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL0737.tmp"
Thu 23 Feb 2006 37,888 A..H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL0774.tmp"
Thu 26 Jul 2007 29,184 ...H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL0798.tmp"
Thu 23 Feb 2006 21,504 A..H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL0825.tmp"
Wed 20 Dec 2006 20,480 A..H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL0832.tmp"
Wed 5 Jul 2006 22,528 A..H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL0873.tmp"
Wed 5 Jul 2006 22,528 A..H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL0894.tmp"
Wed 5 Jul 2006 23,040 A..H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL0953.tmp"
Tue 24 Jan 2006 22,016 A..H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL0985.tmp"
Sun 13 Aug 2006 21,504 A..H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL1070.tmp"
Thu 23 Feb 2006 20,480 A..H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL1118.tmp"
Thu 26 Jul 2007 28,672 ...H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL1161.tmp"
Mon 26 Nov 2007 47,104 ...H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL1164.tmp"
Thu 23 Feb 2006 39,936 A..H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL1182.tmp"
Tue 24 Jan 2006 21,504 A..H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL1214.tmp"
Tue 6 Mar 2007 248,832 ...H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL1252.tmp"
Tue 6 Mar 2007 248,832 ...H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL1302.tmp"
Tue 6 Mar 2007 29,696 ...H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL1343.tmp"
Thu 23 Feb 2006 21,504 A..H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL1424.tmp"
Thu 23 Feb 2006 20,992 A..H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL1494.tmp"
Tue 6 Mar 2007 240,128 ...H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL1499.tmp"
Wed 20 Dec 2006 20,480 A..H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL1518.tmp"
Tue 6 Mar 2007 30,208 ...H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL1559.tmp"
Thu 23 Feb 2006 21,504 A..H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL1712.tmp"
Tue 22 Aug 2006 19,456 A..H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL1758.tmp"
Thu 26 Jul 2007 28,672 ...H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL1764.tmp"
Thu 23 Feb 2006 20,992 A..H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL1837.tmp"
Thu 23 Feb 2006 20,992 A..H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL1852.tmp"
Wed 20 Dec 2006 20,480 A..H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL1853.tmp"
Tue 6 Mar 2007 246,784 ...H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL1941.tmp"
Mon 10 Sep 2007 19,456 ...H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL2006.tmp"
Tue 6 Mar 2007 165,888 ...H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL2021.tmp"
Wed 5 Jul 2006 23,040 A..H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL2134.tmp"
Thu 23 Feb 2006 38,400 A..H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL2151.tmp"
Tue 6 Mar 2007 19,456 ...H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL2153.tmp"
Thu 23 Feb 2006 37,888 A..H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL2162.tmp"
Sun 13 Aug 2006 22,528 A..H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL2220.tmp"
Thu 26 Jul 2007 22,016 ...H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL2234.tmp"
Thu 26 Jul 2007 20,480 ...H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL2300.tmp"
Tue 6 Mar 2007 243,200 ...H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL2313.tmp"
Thu 23 Feb 2006 21,504 A..H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL2349.tmp"
Tue 22 Aug 2006 19,456 A..H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL2388.tmp"
Fri 25 Aug 2006 19,456 A..H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL2427.tmp"
Tue 6 Mar 2007 255,488 ...H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL2463.tmp"
Mon 26 Nov 2007 47,616 ...H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL2474.tmp"
Thu 23 Feb 2006 39,424 A..H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL2504.tmp"
Thu 23 Feb 2006 37,888 A..H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL2540.tmp"
Tue 24 Jan 2006 22,528 A..H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL2571.tmp"
Thu 23 Feb 2006 37,888 A..H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL2591.tmp"
Tue 6 Mar 2007 247,296 ...H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL2685.tmp"
Tue 6 Mar 2007 29,696 ...H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL2712.tmp"
Thu 23 Feb 2006 37,888 A..H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL2735.tmp"
Thu 23 Feb 2006 20,992 A..H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL2866.tmp"
Tue 6 Mar 2007 243,712 ...H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL2868.tmp"
Sun 13 Aug 2006 21,504 A..H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL2914.tmp"
Sat 19 Aug 2006 20,992 A..H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL2967.tmp"
Tue 6 Mar 2007 251,392 ...H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL3010.tmp"
Tue 24 Jan 2006 21,504 A..H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL3018.tmp"
Thu 23 Feb 2006 38,400 A..H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL3019.tmp"
Tue 6 Mar 2007 30,208 ...H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL3024.tmp"
Fri 14 Jul 2006 65,536 A..H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL3135.tmp"
Mon 10 Sep 2007 19,456 ...H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL3146.tmp"
Tue 6 Mar 2007 253,440 ...H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL3164.tmp"
Tue 6 Mar 2007 250,368 ...H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL3173.tmp"
Thu 23 Feb 2006 38,400 A..H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL3221.tmp"
Tue 22 Aug 2006 19,968 A..H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL3247.tmp"
Thu 23 Feb 2006 20,480 A..H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL3258.tmp"
Tue 6 Mar 2007 249,856 ...H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL3315.tmp"
Tue 19 Jun 2007 28,160 ...H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL3328.tmp"
Sun 13 Aug 2006 22,528 A..H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL3381.tmp"
Thu 23 Feb 2006 20,992 A..H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL3403.tmp"
Thu 23 Feb 2006 38,912 A..H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL3494.tmp"
Thu 23 Feb 2006 21,504 A..H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL3569.tmp"
Mon 26 Nov 2007 47,616 ...H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL3571.tmp"
Sun 18 Feb 2007 763,904 ...H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL3575.tmp"
Tue 6 Mar 2007 234,496 ...H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL3592.tmp"
Sun 13 Aug 2006 20,992 A..H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL3622.tmp"
Tue 6 Mar 2007 247,808 ...H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL3639.tmp"
Tue 24 Jan 2006 21,504 A..H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL3693.tmp"
Mon 10 Sep 2007 19,456 ...H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL3734.tmp"
Tue 22 Aug 2006 21,504 A..H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL3765.tmp"
Sun 13 Aug 2006 21,504 A..H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL3778.tmp"
Tue 6 Mar 2007 30,208 ...H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL3866.tmp"
Thu 23 Feb 2006 37,888 A..H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL3960.tmp"
Tue 24 Jan 2006 20,480 A..H. --- "C:\Documents and Settings\Colin Wu\Application Data\Microsoft\Word\~WRL4083.tmp"
Tue 7 Feb 2006 4,348 A..H. --- "C:\Documents and Settings\Colin Wu\My Documents\My Music\License Backup\drmv1key.bak"
Mon 5 Jun 2006 401 A..H. --- "C:\Documents and Settings\Colin Wu\My Documents\My Music\License Backup\drmv1lic.bak"
Mon 19 Sep 2005 312 A.SH. --- "C:\Documents and Settings\Colin Wu\My Documents\My Music\License Backup\drmv2key.bak"
Sat 16 Dec 2006 45,318,120 A.SH. --- "C:\Documents and Settings\Colin Wu\My Documents\peersmarked\我的掃瞄\SIV207.tmp"
Sun 21 Oct 2007 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\aob02nt.dll"
Sun 21 Oct 2007 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\aqduedr.dll"
Sun 21 Oct 2007 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\cily89x.dll"
Sun 21 Oct 2007 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\cmglxq2.dll"
Sun 21 Oct 2007 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\cveca8s.dll"
Sun 21 Oct 2007 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\ertdze9.dll"
Sun 21 Oct 2007 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\ft55hqv.dll"
Sun 21 Oct 2007 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\gyxf8uw.dll"
Sun 21 Oct 2007 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\h1qpigc.dll"
Sun 21 Oct 2007 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\h5yvknz.dll"
Sun 21 Oct 2007 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\hjkwv6a.dll"
Sun 21 Oct 2007 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\hv0ka73.dll"
Sun 21 Oct 2007 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\i8sinv6.dll"
Sun 21 Oct 2007 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\iidvk7a.dll"
Sun 21 Oct 2007 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\jpjn93r.dll"
Sun 21 Oct 2007 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\jrhm62i.dll"
Sun 21 Oct 2007 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\mpvucgc.dll"
Sun 21 Oct 2007 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\mwx5yze.dll"
Sun 21 Oct 2007 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\nfaebc1.dll"
Sun 21 Oct 2007 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\o700esh.dll"
Sun 21 Oct 2007 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\omm1zg3.dll"
Sun 21 Oct 2007 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\pcr8ous.dll"
Sun 21 Oct 2007 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\q04pv0n.dll"
Sun 21 Oct 2007 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\q2wlwe9.dll"
Sun 21 Oct 2007 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\qk7owy5.dll"
Sun 21 Oct 2007 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\r9f5guq.dll"
Sun 21 Oct 2007 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\rv8ojpc.dll"
Sun 21 Oct 2007 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\t3xazxe.dll"
Sun 21 Oct 2007 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\takowg9.dll"
Sun 21 Oct 2007 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\u0o5vkt.dll"
Sun 21 Oct 2007 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\u5hh2iv.dll"
Sun 21 Oct 2007 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\ubsw7ei.dll"
Sun 21 Oct 2007 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\uys5fbf.dll"
Sun 21 Oct 2007 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\vqs4bw3.dll"
Sun 21 Oct 2007 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\w3wthrl.dll"
Sun 21 Oct 2007 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\wtw83cg.dll"
Sun 21 Oct 2007 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\x3tnzb2.dll"
Sun 21 Oct 2007 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\xnzv03m.dll"
Sun 21 Oct 2007 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\xo7xz29.dll"
Sun 21 Oct 2007 16 ...H. --- "C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\yaehs9k.dll"
Sun 27 Nov 2005 141,824 A..H. --- "C:\Documents and Settings\Colin Wu\My Documents\MyronA\Ao152786\152786 New\20051030\~WRL1140.tmp"
Tue 24 Jan 2006 141,824 A..H. --- "C:\Documents and Settings\Colin Wu\My Documents\MyronA\Ao152786\152786 New\20051030\~WRL2710.tmp"
Sat 19 Aug 2006 22,016 A..H. --- "C:\Documents and Settings\Colin Wu\My Documents\MyronA\AoPhDtopics\Complex system\Business ecosystem\~WRL0863.tmp"
Wed 24 May 2006 1,229,824 A..H. --- "C:\Documents and Settings\Colin Wu\My Documents\Jessie\previous\2006\Lectures\Semester 1 2006\BIOSCI107\Muscle\~WRL0055.tmp"
Wed 24 May 2006 581,632 A..H. --- "C:\Documents and Settings\Colin Wu\My Documents\Jessie\previous\2006\Lectures\Semester 1 2006\BIOSCI107\Muscle\~WRL2715.tmp"
Wed 24 May 2006 1,483,264 A..H. --- "C:\Documents and Settings\Colin Wu\My Documents\Jessie\previous\2006\Lectures\Semester 1 2006\BIOSCI107\Muscle\~WRL3643.tmp"
Wed 24 May 2006 1,483,264 A..H. --- "C:\Documents and Settings\Colin Wu\My Documents\Jessie\previous\2006\Lectures\Semester 1 2006\BIOSCI107\Muscle\~WRL3941.tmp"
Wed 24 May 2006 1,483,776 A..H. --- "C:\Documents and Settings\Colin Wu\My Documents\Jessie\previous\2006\Lectures\Semester 1 2006\BIOSCI107\Muscle\~WRL4100.tmp"

Finished!

here are the dss logs

main.txt

Deckard's System Scanner v20071014.68
Run by Colin on 2007-12-15 15:56:46
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2007-12-15 02:56:54 UTC - RP6 - Deckard's System Scanner Restore Point
1: 2007-12-14 03:34:21 UTC - RP5 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 448 MiB (512 MiB recommended).


-- HijackThis (run as Colin.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 下午 03:58:03, on 2007/12/15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Colin\Desktop\dss.exe
C:\WINDOWS\system32\conime.exe
C:\DOCUME~1\Colin\MYDOCU~1\我已接~1\Colin.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xii\NetXfer\NXIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [gemstrmw] C:\WINDOWS\system32\gemstrmw.exe /r
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-329068152-299502267-725345543-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Colin Wu')
O4 - HKUS\S-1-5-21-329068152-299502267-725345543-1005\..\Run: [PowerBar] (User 'Colin Wu')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com.ezproxy.auckland.ac...s/ebraryRdr.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D5EF079-C21D-47EE-9249-D4E89C8D3E43} (BullCSP Class) - https://my.taishinbank.com.tw/ActiveX/eATM/Bull.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9602.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1122776591484
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O16 - DPF: {B596344E-F60F-42C2-8640-5954EEDBD428} (RegExe Control) - http://www.omg.com.tw/ActiveX/MacroWell.CAB
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7106 bytes

-- File Associations -----------------------------------------------------------

.chm - chm.file - shell\open\command - "hh.exe" %1
.hlp - hlpfile - shell\open\command - winhlp32.exe %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S2 npkcrypt - c:\program files\wizet\maplestory\npkcrypt.sys (file missing)
S3 catchme - c:\docume~1\colinw~1\locals~1\temp\catchme.sys (file missing)
S3 cmuda (C-Media WDM Audio Interface) - c:\windows\system32\drivers\cmuda.sys <Not Verified; C-Media Inc; C-Media Audio Driver (WDM)>
S3 gMouPS2 (PS2 Scroll Mouse Device) - c:\windows\system32\drivers\gmoups2.sys (file missing)
S3 S3chipid - c:\docume~1\colinw~1\locals~1\temp\s3chipid.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-12-15 09:49:54 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job


-- Files created between 2007-11-15 and 2007-12-15 -----------------------------

2007-12-14 21:54:20 0 d-------- C:\WINDOWS\ERUNT
2007-12-14 15:15:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-14 15:15:42 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-13 16:01:54 0 d-------- C:\Documents and Settings\Colin\Application Data\FrostWire
2007-12-13 16:01:42 0 d-------- C:\Program Files\FrostWire
2007-12-13 11:44:31 0 d-------- C:\Documents and Settings\Colin\Incomplete
2007-12-12 12:04:01 147456 --a------ C:\WINDOWS\system32\vbzip10.dll <Not Verified; Info-ZIP; Info-ZIP's WiZ>
2007-12-12 12:02:29 0 d-------- C:\Documents and Settings\Colin\Application Data\GetRightToGo
2007-12-12 11:58:45 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-12 10:17:18 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-12 10:17:04 0 d-------- C:\Program Files\Windows Live
2007-12-12 10:16:46 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-03 10:47:23 0 d-------- C:\Program Files\Project64 1.6
2007-11-22 12:26:29 0 d-------- C:\Program Files\FLVPlayer


-- Find3M Report ---------------------------------------------------------------

2007-12-15 10:13:12 4558 --a------ C:\WINDOWS\mozver.dat
2007-12-14 15:05:44 69 --a------ C:\WINDOWS\system32\liubox
2007-12-12 10:17:18 0 d-------- C:\Program Files\Common Files
2007-11-28 10:45:27 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-16 12:30:25 0 d-------- C:\Documents and Settings\Colin\Application Data\Macromedia
2007-11-03 11:05:01 0 d-------- C:\Program Files\Google
2007-10-21 22:25:47 0 d-------- C:\Program Files\Common Files\SPSS
2007-10-21 22:25:44 0 d-------- C:\Program Files\SPSSInc
2007-10-21 22:25:34 342 --a------ C:\WINDOWS\system32\lsprst7.dll
2007-10-21 20:18:05 73 --a------ C:\WINDOWS\system32\ssprs.dll
2007-09-20 18:32:59 243788 --ah----t C:\WINDOWS\system32\MSVRCTDR.dll
2007-09-20 18:32:59 98304 --ah----t C:\WINDOWS\system32\MSVRCTD.DLL <Not Verified; ; XPH ?? ?? ?????>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2003/08/20 下午 04:56 C:\WINDOWS\system32\VTTimer.exe]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003/12/08 下午 06:35]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001/07/09 下午 12:50]
"SoundMan"="SOUNDMAN.EXE" [2004/01/09 上午 07:54 C:\WINDOWS\SOUNDMAN.EXE]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005/05/11 下午 11:12]
"gemstrmw"="C:\WINDOWS\system32\gemstrmw.exe" [2003/04/03 上午 01:14]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005/06/07 上午 12:46]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007/09/25 上午 01:11]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007/12/05 上午 02:00]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006/11/03 下午 07:20]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005/11/11 上午 10:48]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007/10/10 下午 07:51]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004/08/05 上午 01:00]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007/10/18 上午 11:34]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Colin Wu^Start Menu^Programs^Startup^TotalAntiSpyware.lnk]
path=C:\Documents and Settings\Colin Wu\Start Menu\Programs\Startup\TotalAntiSpyware.lnk
backup=C:\WINDOWS\pss\TotalAntiSpyware.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe




-- End of Deckard's System Scanner: finished at 2007-12-15 15:58:33 ------------

AND extra.txt is o'ver here

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 Processor 3000+
Percentage of Memory in Use: 74%
Physical Memory (total/avail): 447.48 MiB / 112.29 MiB
Pagefile Memory (total/avail): 1054.73 MiB / 784.95 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1919.84 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 74.52 GiB total, 47.49 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST380011A - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.52 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: avast! antivirus 4.7.1098 [VPS 071214-0] v4.7.1098 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\NetLogo 3.0\\HubNet Client 3.0.exe"="C:\\Program Files\\NetLogo 3.0\\HubNet Client 3.0.exe:*:Enabled:LaunchAnywhere GUI"
"C:\\Program Files\\Gamania\\MapleStory\\Patcher.exe"="C:\\Program Files\\Gamania\\MapleStory\\Patcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\Gamania\\MapleStory\\NewPatcher.exe"="C:\\Program Files\\Gamania\\MapleStory\\NewPatcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\\Program Files\\NetLogo 3.0.2\\HubNet Client 3.0.2.exe"="C:\\Program Files\\NetLogo 3.0.2\\HubNet Client 3.0.2.exe:*:Enabled:LaunchAnywhere GUI"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\MATLAB_SV71\\bin\\win32\\MATLAB.exe"="C:\\Program Files\\MATLAB_SV71\\bin\\win32\\MATLAB.exe:*:Enabled:MATLAB"
"C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"="C:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe:*:Enabled:HP Software Update Client"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Disabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\BitLord\\BitLord.exe"="C:\\Program Files\\BitLord\\BitLord.exe:*:Disabled:BitLord"
"C:\\Program Files\\FreeCall.com\\FreeCall\\FreeCall.exe"="C:\\Program Files\\FreeCall.com\\FreeCall\\FreeCall.exe:*:Enabled:FreeCall"
"C:\\Program Files\\Wizet\\MapleStory\\Patcher.exe"="C:\\Program Files\\Wizet\\MapleStory\\Patcher.exe:*:Enabled:Patcher MFC ?? ????"
"C:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"="C:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe:*:Enabled:VoipStunt"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\勇者泡泡龍online-BBO\\Game.exe"="C:\\Program Files\\勇者泡泡龍online-BBO\\Game.exe:*: